
Bug#1033037: marked as done (unblock: qemu/1:7.2+dfsg-5)



Your message dated Fri, 17 Mar 2023 21:48:58 +0000
with message-id <E1pdHwY-00H18T-TE@respighi.debian.org>
and subject line unblock qemu
has caused the Debian Bug report #1033037,
regarding unblock: qemu/1:7.2+dfsg-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1033037: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033037
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: pkg-qemu-devel@alioth-lists.debian.net

Please unblock package qemu

[ Reason ]
This is a bugfix release with many changes picked up from upstream
fixing a bunch of various bugs here and there.  The whole thing is
intended to become a stable/bugfix release upstream, if next major
release of qemu won't be released first.

Unlike many other debian releases of qemu, this one contains fixes
for obvious bugs, discussed, verified and approved upstream.
But the amount of these fixes is somewhat large(ish). This is because
upstream qemu lacked stable releases for quite some time, due to
stable team being busy with other things. I stepped up as a new
qemu stable release manager, tho it happened maybe a bit too late
(qemu stable maintenance ends with next major release, and we already
have qemu-8.0-rc0).

It also contains two small changes, - fix for qemu-guest-agent udev
rule (it never worked), and removal of a script which hasn't been in
use for many years (which refer to /dev/hda).

[ Impact ]
I don't have all references to bugreports which are closed by this
release. I can collect such a list if necessary, tho it already
took me a long time to collect patches and verify they're okay.
The most interesting, in my view anyway, is the fix to direct
kernel boot (-kernel /boot/vmlinuz-1.2.3) which affects bookworm
x86 kernels, - the fix is a series of reverts of a few changes,
restoring a status quo in boot-time RNG as it has been before the
7.2 version.

[ Tests ]
The release passes all the upstream testsuite, plus a good assortment
of x86-mostly tests which I perform locally. It is intended as an
upstream stable release, especially first one by me, so I took extra
care of testing.

[ Risks ]
So far I don't see any immediate risks here.

There's one caveat though. The patchset includes two changes in migration
code, -  older => 7.2 migration was broken, now it works. But this change
also breaks unfixed-7.2 => fixed-7.2 migration. This is a trade-off which
we discussed upstream and decided to go this route.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
If we'll release upstream 7.2.1 before 8.0 (or else it won't be released
at all), I'd love to push "official" 7.2.1 to debian too. It will be the
same resulting code, but a single 7.2=>7.2.1 patchset (or a new upstream
tarball), maybe with some more changes. With the same good testing and
extra care.

unblock qemu/1:7.2+dfsg-5


diff -Nru qemu-7.2+dfsg/debian/changelog qemu-7.2+dfsg/debian/changelog
--- qemu-7.2+dfsg/debian/changelog	2023-02-20 21:00:18.000000000 +0300
+++ qemu-7.2+dfsg/debian/changelog	2023-03-05 20:09:04.000000000 +0300
@@ -1,3 +1,42 @@
+qemu (1:7.2+dfsg-5) unstable; urgency=medium
+
+  * d/qemu-guest-agent.udev: fix missing comma
+    (Christian Schneider <debian@c-schneider.net>, Closes: #1031838)
+  * remove qemu-make-debian-root.
+    Ths script debian/qemu-make-debian-root has been broken for ages.
+    In 2023, it creates /etc/fstab with a reference to /dev/hda1, and
+    edits /etc/inittab which does not exist. And no one noticed, - so
+    it's safe to assume it is not used anymore.  Just remove it.
+  * re-pick qemu-stable patches from master (the same patch contents):
+    master/tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch
+    master/target-i386-Fix-BEXTR-instruction.patch
+    master/target-i386-Fix-C-flag-for-BLSI-BLSMSK-BLSR.patch
+    master/target-i386-fix-ADOX-followed-by-ADCX.patch
+  * 20 more changes picked from upstream/master:
+    master/target-i386-Fix-BZHI-instruction.patch
+    master/block-iscsi-fix-double-free-on-BUSY-or-similar-status.patch
+    master/hw-smbios-fix-field-corruption-in-type-4-table.patch
+    master/Revert-x86-do-not-re-randomize-RNG-seed-on-snapshot-.patch
+    master/Revert-x86-re-initialize-RNG-seed-when-selecting-ker.patch
+    master/Revert-x86-reinitialize-RNG-seed-on-system-reboot.patch
+    master/Revert-x86-use-typedef-for-SetupData-struct.patch
+    master/Revert-x86-return-modified-setup_data-only-if-read-a.patch
+    master/Revert-hw-i386-pass-RNG-seed-via-setup_data-entry.patch
+    master/vhost-user-gpio-Configure-vhost_dev-when-connecting.patch
+    master/vhost-user-i2c-Back-up-vqs-before-cleaning-up-vhost_.patch
+    master/vhost-user-rng-Back-up-vqs-before-cleaning-up-vhost_.patch
+    master/virtio-rng-pci-fix-migration-compat-for-vectors.patch
+    master/virtio-rng-pci-fix-transitional-migration-compat-for.patch
+    master/hw-timer-hpet-Fix-expiration-time-overflow.patch
+    master/vdpa-stop-all-svq-on-device-deletion.patch
+    master/vhost-avoid-a-potential-use-of-an-uninitialized-vari.patch
+    master/libvhost-user-check-for-NULL-when-allocating-a-virtq.patch
+    master/chardev-char-socket-set-s-listener-NULL-in-char_sock.patch
+    master/intel-iommu-fail-MAP-notifier-without-caching-mode.patch
+    master/intel-iommu-fail-DEVIOTLB_UNMAP-without-dt-mode.patch
+ 
+ -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 05 Mar 2023 20:09:04 +0300
+
 qemu (1:7.2+dfsg-4) unstable; urgency=medium
 
   * block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch:
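Review bot: the new 1:7.2+dfsg-5 entry names two virtio-rng-pci
migration-compat patches but does not record the trade-off the unblock
request describes for the migration changes (older => 7.2 now works,
unfixed-7.2 => fixed-7.2 breaks). A line in this entry, or a NEWS item,
would let administrators plan live migrations around the upgrade. Two
smaller points in the same entry: the heading says "20 more changes"
while 21 patch names follow it, and "Ths script" should read "This script".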
diff -Nru qemu-7.2+dfsg/debian/control qemu-7.2+dfsg/debian/control
--- qemu-7.2+dfsg/debian/control	2023-02-20 21:00:18.000000000 +0300
+++ qemu-7.2+dfsg/debian/control	2023-03-05 20:09:04.000000000 +0300
@@ -476,7 +476,6 @@
 Depends: ${shlibs:Depends}, ${misc:Depends},
 Recommends:
  qemu-block-extra (= ${binary:Version}),
-Suggests: debootstrap,
 Description: QEMU utilities
  QEMU is a fast processor emulator: currently the package supports
  ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,
diff -Nru qemu-7.2+dfsg/debian/control-in qemu-7.2+dfsg/debian/control-in
--- qemu-7.2+dfsg/debian/control-in	2023-02-02 20:49:50.000000000 +0300
+++ qemu-7.2+dfsg/debian/control-in	2023-03-05 20:03:09.000000000 +0300
@@ -492,7 +492,6 @@
 Depends: ${shlibs:Depends}, ${misc:Depends},
 Recommends:
  qemu-block-extra (= ${binary:Version}),
-Suggests: debootstrap,
 Description: QEMU utilities
  QEMU is a fast processor emulator: currently the package supports
  ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,
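Review bot: the removed "Suggests: debootstrap" line (here and in the
matching debian/control hunk) is not mentioned in the d/changelog entry.
It presumably follows from dropping qemu-make-debian-root, so adding
"and drop Suggests: debootstrap" to that changelog item would keep the
"all changes are documented" checklist box accurate.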
diff -Nru qemu-7.2+dfsg/debian/patches/master/block-iscsi-fix-double-free-on-BUSY-or-similar-status.patch qemu-7.2+dfsg/debian/patches/master/block-iscsi-fix-double-free-on-BUSY-or-similar-status.patch
--- qemu-7.2+dfsg/debian/patches/master/block-iscsi-fix-double-free-on-BUSY-or-similar-status.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/block-iscsi-fix-double-free-on-BUSY-or-similar-status.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,33 @@
+From 5080152e2ef6cde7aa692e29880c62bd54acb750 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 10 Jan 2023 17:36:33 +0100
+Subject: block/iscsi: fix double-free on BUSY or similar statuses
+
+Commit 8c460269aa77 ("iscsi: base all handling of check condition on
+scsi_sense_to_errno", 2019-07-15) removed a "goto out" so that the
+same coroutine is re-entered twice; once from iscsi_co_generic_cb,
+once from the timer callback iscsi_retry_timer_expired.  This can
+cause a crash.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1378
+Reported-by: Grzegorz Zdanowski <https://gitlab.com/kiler129>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ block/iscsi.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/block/iscsi.c b/block/iscsi.c
+index b3e10f40b6..3aacd0709f 100644
+--- a/block/iscsi.c
++++ b/block/iscsi.c
+@@ -269,6 +269,7 @@ iscsi_co_generic_cb(struct iscsi_context *iscsi, int status,
+                 timer_mod(&iTask->retry_timer,
+                           qemu_clock_get_ms(QEMU_CLOCK_REALTIME) + retry_time);
+                 iTask->do_retry = 1;
++                return;
+             } else if (status == SCSI_STATUS_CHECK_CONDITION) {
+                 int error = iscsi_translate_sense(&task->sense);
+                 if (error == EAGAIN) {
+-- 
+2.30.2
+
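Review bot: the added "return;" in iscsi_co_generic_cb has no comment, and
the commit message says this bug came from an earlier cleanup removing a
"goto out" at the same spot. A one-line comment at the return stating that
the coroutine is re-entered from iscsi_retry_timer_expired, so it must not
also be re-entered here, would protect the fix from the next refactoring.
The message also names commit 8c460269aa77 as the cause but carries no
Fixes: tag, which makes the patch harder to track for stable backports.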
diff -Nru qemu-7.2+dfsg/debian/patches/master/chardev-char-socket-set-s-listener-NULL-in-char_sock.patch qemu-7.2+dfsg/debian/patches/master/chardev-char-socket-set-s-listener-NULL-in-char_sock.patch
--- qemu-7.2+dfsg/debian/patches/master/chardev-char-socket-set-s-listener-NULL-in-char_sock.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/chardev-char-socket-set-s-listener-NULL-in-char_sock.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,70 @@
+From b8a7f51f59e28d5a8e0c07ed3919cc9695560ed2 Mon Sep 17 00:00:00 2001
+From: Yajun Wu <yajunw@nvidia.com>
+Date: Tue, 14 Feb 2023 10:14:30 +0800
+Subject: chardev/char-socket: set s->listener = NULL in char_socket_finalize
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+After live migration with virtio block device, qemu crash at:
+
+	#0  0x000055914f46f795 in object_dynamic_cast_assert (obj=0x559151b7b090, typename=0x55914f80fbc4 "qio-channel", file=0x55914f80fb90 "/images/testvfe/sw/qemu.gerrit/include/io/channel.h", line=30, func=0x55914f80fcb8 <__func__.17257> "QIO_CHANNEL") at ../qom/object.c:872
+	#1  0x000055914f480d68 in QIO_CHANNEL (obj=0x559151b7b090) at /images/testvfe/sw/qemu.gerrit/include/io/channel.h:29
+	#2  0x000055914f4812f8 in qio_net_listener_set_client_func_full (listener=0x559151b7a720, func=0x55914f580b97 <tcp_chr_accept>, data=0x5591519f4ea0, notify=0x0, context=0x0) at ../io/net-listener.c:166
+	#3  0x000055914f580059 in tcp_chr_update_read_handler (chr=0x5591519f4ea0) at ../chardev/char-socket.c:637
+	#4  0x000055914f583dca in qemu_chr_be_update_read_handlers (s=0x5591519f4ea0, context=0x0) at ../chardev/char.c:226
+	#5  0x000055914f57b7c9 in qemu_chr_fe_set_handlers_full (b=0x559152bf23a0, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, be_change=0x0, opaque=0x0, context=0x0, set_open=false, sync_state=true) at ../chardev/char-fe.c:279
+	#6  0x000055914f57b86d in qemu_chr_fe_set_handlers (b=0x559152bf23a0, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, be_change=0x0, opaque=0x0, context=0x0, set_open=false) at ../chardev/char-fe.c:304
+	#7  0x000055914f378caf in vhost_user_async_close (d=0x559152bf21a0, chardev=0x559152bf23a0, vhost=0x559152bf2420, cb=0x55914f2fb8c1 <vhost_user_blk_disconnect>) at ../hw/virtio/vhost-user.c:2725
+	#8  0x000055914f2fba40 in vhost_user_blk_event (opaque=0x559152bf21a0, event=CHR_EVENT_CLOSED) at ../hw/block/vhost-user-blk.c:395
+	#9  0x000055914f58388c in chr_be_event (s=0x5591519f4ea0, event=CHR_EVENT_CLOSED) at ../chardev/char.c:61
+	#10 0x000055914f583905 in qemu_chr_be_event (s=0x5591519f4ea0, event=CHR_EVENT_CLOSED) at ../chardev/char.c:81
+	#11 0x000055914f581275 in char_socket_finalize (obj=0x5591519f4ea0) at ../chardev/char-socket.c:1083
+	#12 0x000055914f46f073 in object_deinit (obj=0x5591519f4ea0, type=0x5591519055c0) at ../qom/object.c:680
+	#13 0x000055914f46f0e5 in object_finalize (data=0x5591519f4ea0) at ../qom/object.c:694
+	#14 0x000055914f46ff06 in object_unref (objptr=0x5591519f4ea0) at ../qom/object.c:1202
+	#15 0x000055914f4715a4 in object_finalize_child_property (obj=0x559151b76c50, name=0x559151b7b250 "char3", opaque=0x5591519f4ea0) at ../qom/object.c:1747
+	#16 0x000055914f46ee86 in object_property_del_all (obj=0x559151b76c50) at ../qom/object.c:632
+	#17 0x000055914f46f0d2 in object_finalize (data=0x559151b76c50) at ../qom/object.c:693
+	#18 0x000055914f46ff06 in object_unref (objptr=0x559151b76c50) at ../qom/object.c:1202
+	#19 0x000055914f4715a4 in object_finalize_child_property (obj=0x559151b6b560, name=0x559151b76630 "chardevs", opaque=0x559151b76c50) at ../qom/object.c:1747
+	#20 0x000055914f46ef67 in object_property_del_child (obj=0x559151b6b560, child=0x559151b76c50) at ../qom/object.c:654
+	#21 0x000055914f46f042 in object_unparent (obj=0x559151b76c50) at ../qom/object.c:673
+	#22 0x000055914f58632a in qemu_chr_cleanup () at ../chardev/char.c:1189
+	#23 0x000055914f16c66c in qemu_cleanup () at ../softmmu/runstate.c:830
+	#24 0x000055914eee7b9e in qemu_default_main () at ../softmmu/main.c:38
+	#25 0x000055914eee7bcc in main (argc=86, argv=0x7ffc97cb8d88) at ../softmmu/main.c:48
+
+In char_socket_finalize after s->listener freed, event callback function
+vhost_user_blk_event will be called to handle CHR_EVENT_CLOSED.
+vhost_user_blk_event is calling qio_net_listener_set_client_func_full which
+is still using s->listener.
+
+Setting s->listener = NULL after object_unref(OBJECT(s->listener)) can
+solve this issue.
+
+Signed-off-by: Yajun Wu <yajunw@nvidia.com>
+Acked-by: Jiri Pirko <jiri@nvidia.com>
+Message-Id: <20230214021430.3638579-1-yajunw@nvidia.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ chardev/char-socket.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/chardev/char-socket.c b/chardev/char-socket.c
+index c2265436ac..8c58532171 100644
+--- a/chardev/char-socket.c
++++ b/chardev/char-socket.c
+@@ -1065,6 +1065,7 @@ static void char_socket_finalize(Object *obj)
+         qio_net_listener_set_client_func_full(s->listener, NULL, NULL,
+                                               NULL, chr->gcontext);
+         object_unref(OBJECT(s->listener));
++        s->listener = NULL;
+     }
+     if (s->tls_creds) {
+         object_unref(OBJECT(s->tls_creds));
+-- 
+2.30.2
+
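Review bot: clearing s->listener in char_socket_finalize only helps if the
later user checks the pointer before dereferencing it, and that check is
not in this hunk. Frame #3 of the quoted trace (tcp_chr_update_read_handler,
char-socket.c:637) is where the freed listener gets used, so the commit
message should say that this function tests s->listener for NULL. The
context also shows object_unref(OBJECT(s->tls_creds)) directly below; it is
worth confirming whether the CHR_EVENT_CLOSED path can reach that pointer
after the unref in the same way.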
diff -Nru qemu-7.2+dfsg/debian/patches/master/hw-smbios-fix-field-corruption-in-type-4-table.patch qemu-7.2+dfsg/debian/patches/master/hw-smbios-fix-field-corruption-in-type-4-table.patch
--- qemu-7.2+dfsg/debian/patches/master/hw-smbios-fix-field-corruption-in-type-4-table.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/hw-smbios-fix-field-corruption-in-type-4-table.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,51 @@
+From 60d09b8dc7dd4256d664ad680795cb1327805b2b Mon Sep 17 00:00:00 2001
+From: Julia Suvorova <jusual@redhat.com>
+Date: Thu, 23 Feb 2023 13:57:47 +0100
+Subject: hw/smbios: fix field corruption in type 4 table
+
+Since table type 4 of SMBIOS version 2.6 is shorter than 3.0, the
+strings which follow immediately after the struct fields have been
+overwritten by unconditional filling of later fields such as core_count2.
+Make these fields dependent on the SMBIOS version.
+
+Fixes: 05e27d74c7 ("hw/smbios: add core_count2 to smbios table type 4")
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2169904
+
+Signed-off-by: Julia Suvorova <jusual@redhat.com>
+Message-Id: <20230223125747.254914-1-jusual@redhat.com>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Reviewed-by: Ani Sinha <ani@anisinha.ca>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/smbios/smbios.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
+index 4869566cf5..d2007e70fb 100644
+--- a/hw/smbios/smbios.c
++++ b/hw/smbios/smbios.c
+@@ -750,14 +750,16 @@ static void smbios_build_type_4_table(MachineState *ms, unsigned instance)
+     t->core_count = (ms->smp.cores > 255) ? 0xFF : ms->smp.cores;
+     t->core_enabled = t->core_count;
+ 
+-    t->core_count2 = t->core_enabled2 = cpu_to_le16(ms->smp.cores);
+-
+     t->thread_count = (ms->smp.threads > 255) ? 0xFF : ms->smp.threads;
+-    t->thread_count2 = cpu_to_le16(ms->smp.threads);
+ 
+     t->processor_characteristics = cpu_to_le16(0x02); /* Unknown */
+     t->processor_family2 = cpu_to_le16(0x01); /* Other */
+ 
++    if (tbl_len == SMBIOS_TYPE_4_LEN_V30) {
++        t->core_count2 = t->core_enabled2 = cpu_to_le16(ms->smp.cores);
++        t->thread_count2 = cpu_to_le16(ms->smp.threads);
++    }
++
+     SMBIOS_BUILD_TABLE_POST;
+     smbios_type4_count++;
+ }
+-- 
+2.30.2
+
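Review bot: the new guard in smbios_build_type_4_table tests
"tbl_len == SMBIOS_TYPE_4_LEN_V30", so the fields core_count2,
core_enabled2 and thread_count2 would be skipped again if a longer table
layout is ever added. Comparing with ">=" or adding a comment that ties the
three fields to the 3.0 layout would make the intent explicit. Minor: the
trailer block lists "Reviewed-by: Igor Mammedov" twice.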
diff -Nru qemu-7.2+dfsg/debian/patches/master/hw-timer-hpet-Fix-expiration-time-overflow.patch qemu-7.2+dfsg/debian/patches/master/hw-timer-hpet-Fix-expiration-time-overflow.patch
--- qemu-7.2+dfsg/debian/patches/master/hw-timer-hpet-Fix-expiration-time-overflow.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/hw-timer-hpet-Fix-expiration-time-overflow.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,81 @@
+From 37d2bcbc2a4e9c2e9061bec72a32c7e49b9f81ec Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki <akihiko.odaki@daynix.com>
+Date: Tue, 31 Jan 2023 12:00:37 +0900
+Subject: hw/timer/hpet: Fix expiration time overflow
+
+The expiration time provided for timer_mod() can overflow if a
+ridiculously large value is set to the comparator register. The
+resulting value can represent a past time after rounded, forcing the
+timer to fire immediately. If the timer is configured as periodic, it
+will rearm the timer again, and form an endless loop.
+
+Check if the expiration value will overflow, and if it will, stop the
+timer instead of rearming the timer with the overflowed time.
+
+This bug was found by Alexander Bulekov when fuzzing igb, a new
+network device emulation:
+https://patchew.org/QEMU/20230129053316.1071513-1-alxndr@bu.edu/
+
+The fixed test case is:
+fuzz/crash_2d7036941dcda1ad4380bb8a9174ed0c949bcefd
+
+Fixes: 16b29ae180 ("Add HPET emulation to qemu (Beth Kon)")
+Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+Message-Id: <20230131030037.18856-1-akihiko.odaki@daynix.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/timer/hpet.c | 19 +++++++++++++------
+ 1 file changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c
+index 214d6a0501..6998094233 100644
+--- a/hw/timer/hpet.c
++++ b/hw/timer/hpet.c
+@@ -353,6 +353,16 @@ static const VMStateDescription vmstate_hpet = {
+     }
+ };
+ 
++static void hpet_arm(HPETTimer *t, uint64_t ticks)
++{
++    if (ticks < ns_to_ticks(INT64_MAX / 2)) {
++        timer_mod(t->qemu_timer,
++                  qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + ticks_to_ns(ticks));
++    } else {
++        timer_del(t->qemu_timer);
++    }
++}
++
+ /*
+  * timer expiration callback
+  */
+@@ -375,13 +385,11 @@ static void hpet_timer(void *opaque)
+             }
+         }
+         diff = hpet_calculate_diff(t, cur_tick);
+-        timer_mod(t->qemu_timer,
+-                       qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + (int64_t)ticks_to_ns(diff));
++        hpet_arm(t, diff);
+     } else if (t->config & HPET_TN_32BIT && !timer_is_periodic(t)) {
+         if (t->wrap_flag) {
+             diff = hpet_calculate_diff(t, cur_tick);
+-            timer_mod(t->qemu_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
+-                           (int64_t)ticks_to_ns(diff));
++            hpet_arm(t, diff);
+             t->wrap_flag = 0;
+         }
+     }
+@@ -408,8 +416,7 @@ static void hpet_set_timer(HPETTimer *t)
+             t->wrap_flag = 1;
+         }
+     }
+-    timer_mod(t->qemu_timer,
+-                   qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + (int64_t)ticks_to_ns(diff));
++    hpet_arm(t, diff);
+ }
+ 
+ static void hpet_del_timer(HPETTimer *t)
+-- 
+2.30.2
+
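Review bot: hpet_arm() uses "ns_to_ticks(INT64_MAX / 2)" as its cut-off
with no comment explaining why half the range was chosen or what happens
to the guest in the else branch, where timer_del() silently stops the
timer. A short comment on the function stating that larger values would
overflow the expiration time passed to timer_mod(), and that such a timer
is deliberately left disarmed, would document the behaviour the commit
message describes. The three call sites also drop the old
"(int64_t)ticks_to_ns(diff)" cast, which is fine given the bound but worth
a word in the message.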
diff -Nru qemu-7.2+dfsg/debian/patches/master/intel-iommu-fail-DEVIOTLB_UNMAP-without-dt-mode.patch qemu-7.2+dfsg/debian/patches/master/intel-iommu-fail-DEVIOTLB_UNMAP-without-dt-mode.patch
--- qemu-7.2+dfsg/debian/patches/master/intel-iommu-fail-DEVIOTLB_UNMAP-without-dt-mode.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/intel-iommu-fail-DEVIOTLB_UNMAP-without-dt-mode.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,51 @@
+From 09adb0e021207b60a0c51a68939b4539d98d3ef3 Mon Sep 17 00:00:00 2001
+From: Jason Wang <jasowang@redhat.com>
+Date: Thu, 23 Feb 2023 14:59:21 +0800
+Subject: intel-iommu: fail DEVIOTLB_UNMAP without dt mode
+
+Without dt mode, device IOTLB notifier won't work since guest won't
+send device IOTLB invalidation descriptor in this case. Let's fail
+early instead of misbehaving silently.
+
+Reviewed-by: Laurent Vivier <lvivier@redhat.com>
+Tested-by: Laurent Vivier <lvivier@redhat.com>
+Tested-by: Viktor Prutyanov <viktor@daynix.com>
+Buglink: https://bugzilla.redhat.com/2156876
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Message-Id: <20230223065924.42503-3-jasowang@redhat.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/i386/intel_iommu.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
+index b520542c47..a6b35b07d2 100644
+--- a/hw/i386/intel_iommu.c
++++ b/hw/i386/intel_iommu.c
+@@ -3179,6 +3179,7 @@ static int vtd_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu,
+ {
+     VTDAddressSpace *vtd_as = container_of(iommu, VTDAddressSpace, iommu);
+     IntelIOMMUState *s = vtd_as->iommu_state;
++    X86IOMMUState *x86_iommu = X86_IOMMU_DEVICE(s);
+ 
+     /* TODO: add support for VFIO and vhost users */
+     if (s->snoop_control) {
+@@ -3193,6 +3194,13 @@ static int vtd_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu,
+                          PCI_FUNC(vtd_as->devfn));
+         return -ENOTSUP;
+     }
++    if (!x86_iommu->dt_supported && (new & IOMMU_NOTIFIER_DEVIOTLB_UNMAP)) {
++        error_setg_errno(errp, ENOTSUP,
++                         "device %02x.%02x.%x requires device IOTLB mode",
++                         pci_bus_num(vtd_as->bus), PCI_SLOT(vtd_as->devfn),
++                         PCI_FUNC(vtd_as->devfn));
++        return -ENOTSUP;
++    }
+ 
+     /* Update per-address-space notifier flags */
+     vtd_as->notifier_flags = new;
+-- 
+2.30.2
+
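Review bot: the new check in vtd_iommu_notify_flag_changed turns a
configuration that previously started (and, per the commit message,
misbehaved silently) into a hard -ENOTSUP failure, which is a visible
behaviour change for a stable update and is not called out in
d/changelog. The error text "requires device IOTLB mode" also does not
tell the user which intel-iommu setting to change; naming the option in
the message would make the failure actionable.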
diff -Nru qemu-7.2+dfsg/debian/patches/master/intel-iommu-fail-MAP-notifier-without-caching-mode.patch qemu-7.2+dfsg/debian/patches/master/intel-iommu-fail-MAP-notifier-without-caching-mode.patch
--- qemu-7.2+dfsg/debian/patches/master/intel-iommu-fail-MAP-notifier-without-caching-mode.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/intel-iommu-fail-MAP-notifier-without-caching-mode.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,42 @@
+From b8d78277c091f26fdd64f239bc8bb7e55d74cecf Mon Sep 17 00:00:00 2001
+From: Jason Wang <jasowang@redhat.com>
+Date: Thu, 23 Feb 2023 14:59:20 +0800
+Subject: intel-iommu: fail MAP notifier without caching mode
+
+Without caching mode, MAP notifier won't work correctly since guest
+won't send IOTLB update event when it establishes new mappings in the
+I/O page tables. Let's fail the IOMMU notifiers early instead of
+misbehaving silently.
+
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Tested-by: Viktor Prutyanov <viktor@daynix.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Message-Id: <20230223065924.42503-2-jasowang@redhat.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/i386/intel_iommu.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
+index 6b1de80e85..b520542c47 100644
+--- a/hw/i386/intel_iommu.c
++++ b/hw/i386/intel_iommu.c
+@@ -3186,6 +3186,13 @@ static int vtd_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu,
+                          "Snoop Control with vhost or VFIO is not supported");
+         return -ENOTSUP;
+     }
++    if (!s->caching_mode && (new & IOMMU_NOTIFIER_MAP)) {
++        error_setg_errno(errp, ENOTSUP,
++                         "device %02x.%02x.%x requires caching mode",
++                         pci_bus_num(vtd_as->bus), PCI_SLOT(vtd_as->devfn),
++                         PCI_FUNC(vtd_as->devfn));
++        return -ENOTSUP;
++    }
+ 
+     /* Update per-address-space notifier flags */
+     vtd_as->notifier_flags = new;
+-- 
+2.30.2
+
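Review bot: the error string added here, "device %02x.%02x.%x requires
caching mode", identifies the device but not the remedy. Since this check
now refuses notifiers that were accepted before, the message should say
that caching mode has to be enabled on the emulated IOMMU, and the
changelog should mention that guests with such devices will fail to start
until the configuration is corrected.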
diff -Nru qemu-7.2+dfsg/debian/patches/master/libvhost-user-check-for-NULL-when-allocating-a-virtq.patch qemu-7.2+dfsg/debian/patches/master/libvhost-user-check-for-NULL-when-allocating-a-virtq.patch
--- qemu-7.2+dfsg/debian/patches/master/libvhost-user-check-for-NULL-when-allocating-a-virtq.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/libvhost-user-check-for-NULL-when-allocating-a-virtq.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,73 @@
+From 9c1916057a8b14411116106e5a5c0c33d551cfeb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Carlos=20L=C3=B3pez?= <clopez@suse.de>
+Date: Fri, 10 Feb 2023 12:25:15 +0100
+Subject: libvhost-user: check for NULL when allocating a virtqueue element
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Check the return value for malloc(), avoiding a NULL pointer
+dereference, and propagate error in function callers.
+
+Found with GCC 13 and -fanalyzer:
+
+../subprojects/libvhost-user/libvhost-user.c: In function ‘virtqueue_alloc_element’:
+../subprojects/libvhost-user/libvhost-user.c:2556:19: error: dereference of possibly-NULL ‘elem’ [CWE-690] [-Werror=analyzer-possible-null-dereference]
+ 2556 |     elem->out_num = out_num;
+      |     ~~~~~~~~~~~~~~^~~~~~~~~
+  ‘virtqueue_alloc_element’: event 1
+    |
+    | 2554 |     assert(sz >= sizeof(VuVirtqElement));
+    |      |     ^~~~~~
+    |      |     |
+    |      |     (1) following ‘true’ branch (when ‘sz > 31’)...
+    |
+  ‘virtqueue_alloc_element’: events 2-4
+    |
+    | 2555 |     elem = malloc(out_sg_end);
+    |      |     ^~~~   ~~~~~~~~~~~~~~~~~~
+    |      |     |      |
+    |      |     |      (3) this call could return NULL
+    |      |     (2) ...to here
+    | 2556 |     elem->out_num = out_num;
+    |      |     ~~~~~~~~~~~~~~~~~~~~~~~
+    |      |                   |
+    |      |                   (4) ‘elem’ could be NULL: unchecked value from (3)
+    |
+
+Signed-off-by: Carlos López <clopez@suse.de>
+Message-Id: <20230210112514.16858-1-clopez@suse.de>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ subprojects/libvhost-user/libvhost-user.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/subprojects/libvhost-user/libvhost-user.c b/subprojects/libvhost-user/libvhost-user.c
+index f661af7c85..0200b78e8e 100644
+--- a/subprojects/libvhost-user/libvhost-user.c
++++ b/subprojects/libvhost-user/libvhost-user.c
+@@ -2553,6 +2553,10 @@ virtqueue_alloc_element(size_t sz,
+ 
+     assert(sz >= sizeof(VuVirtqElement));
+     elem = malloc(out_sg_end);
++    if (!elem) {
++        DPRINT("%s: failed to malloc virtqueue element\n", __func__);
++        return NULL;
++    }
+     elem->out_num = out_num;
+     elem->in_num = in_num;
+     elem->in_sg = (void *)elem + in_sg_ofs;
+@@ -2639,6 +2643,9 @@ vu_queue_map_desc(VuDev *dev, VuVirtq *vq, unsigned int idx, size_t sz)
+ 
+     /* Now copy what we have collected and mapped */
+     elem = virtqueue_alloc_element(sz, out_num, in_num);
++    if (!elem) {
++        return NULL;
++    }
+     elem->index = idx;
+     for (i = 0; i < out_num; i++) {
+         elem->out_sg[i] = iov[i];
+-- 
+2.30.2
+
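Review bot: in vu_queue_map_desc the new "return NULL" sits after the
comment "Now copy what we have collected and mapped", so at that point
descriptors have already been processed, and the hunk does not show
whether anything needs to be undone or whether callers can tell an
allocation failure from any other NULL result. The commit message says the
error is propagated "in function callers" but only this one caller is
touched; please confirm the callers of vu_queue_map_desc handle NULL, and
consider reporting the failure through the device's error path rather than
only DPRINT.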
diff -Nru qemu-7.2+dfsg/debian/patches/master/Revert-hw-i386-pass-RNG-seed-via-setup_data-entry.patch qemu-7.2+dfsg/debian/patches/master/Revert-hw-i386-pass-RNG-seed-via-setup_data-entry.patch
--- qemu-7.2+dfsg/debian/patches/master/Revert-hw-i386-pass-RNG-seed-via-setup_data-entry.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/Revert-hw-i386-pass-RNG-seed-via-setup_data-entry.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,206 @@
+From da0098d259dbd1d023833bb44c8a1f83c21b21dd Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin" <mst@redhat.com>
+Date: Wed, 8 Feb 2023 16:05:35 -0500
+Subject: Revert "hw/i386: pass RNG seed via setup_data entry"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This reverts commit 67f7e426e53833a5db75b0d813e8d537b8a75bd2.
+
+Additionally to the automatic revert, I went over the code
+and dropped all mentions of legacy_no_rng_seed manually,
+effectively reverting a combination of 2 additional commits:
+
+    commit ffe2d2382e5f1aae1abc4081af407905ef380311
+    Author: Jason A. Donenfeld <Jason@zx2c4.com>
+    Date:   Wed Sep 21 11:31:34 2022 +0200
+
+        x86: re-enable rng seeding via SetupData
+
+    commit 3824e25db1a84fadc50b88dfbe27047aa2f7f85d
+    Author: Gerd Hoffmann <kraxel@redhat.com>
+    Date:   Wed Aug 17 10:39:40 2022 +0200
+
+        x86: disable rng seeding via setup_data
+
+Fixes: 67f7e426e5 ("hw/i386: pass RNG seed via setup_data entry")
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Tested-by: Nathan Chancellor <nathan@kernel.org>
+Tested-by: Dov Murik <dovmurik@linux.ibm.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 167f4873580d3729565044cda73c3e20997950f2)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+   
+diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c
+index 170a331e3f..b231ceda9a 100644
+--- a/hw/i386/microvm.c
++++ b/hw/i386/microvm.c
+@@ -330,7 +330,7 @@ static void microvm_memory_init(MicrovmMachineState *mms)
+     rom_set_fw(fw_cfg);
+ 
+     if (machine->kernel_filename != NULL) {
+-        x86_load_linux(x86ms, fw_cfg, 0, true, false);
++        x86_load_linux(x86ms, fw_cfg, 0, true);
+     }
+ 
+     if (mms->option_roms) {
+diff --git a/hw/i386/pc.c b/hw/i386/pc.c
+index 546b703cb4..ec5a10534b 100644
+--- a/hw/i386/pc.c
++++ b/hw/i386/pc.c
+@@ -799,7 +799,7 @@ void xen_load_linux(PCMachineState *pcms)
+     rom_set_fw(fw_cfg);
+ 
+     x86_load_linux(x86ms, fw_cfg, pcmc->acpi_data_size,
+-                   pcmc->pvh_enabled, pcmc->legacy_no_rng_seed);
++                   pcmc->pvh_enabled);
+     for (i = 0; i < nb_option_roms; i++) {
+         assert(!strcmp(option_rom[i].name, "linuxboot.bin") ||
+                !strcmp(option_rom[i].name, "linuxboot_dma.bin") ||
+@@ -1119,7 +1119,7 @@ void pc_memory_init(PCMachineState *pcms,
+ 
+     if (linux_boot) {
+         x86_load_linux(x86ms, fw_cfg, pcmc->acpi_data_size,
+-                       pcmc->pvh_enabled, pcmc->legacy_no_rng_seed);
++                       pcmc->pvh_enabled);
+     }
+ 
+     for (i = 0; i < nb_option_roms; i++) {
+diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
+index 0ad0ed1603..24616bf924 100644
+--- a/hw/i386/pc_piix.c
++++ b/hw/i386/pc_piix.c
+@@ -449,11 +449,9 @@ DEFINE_I440FX_MACHINE(v7_2, "pc-i440fx-7.2", NULL,
+ 
+ static void pc_i440fx_7_1_machine_options(MachineClass *m)
+ {
+-    PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
+     pc_i440fx_7_2_machine_options(m);
+     m->alias = NULL;
+     m->is_default = false;
+-    pcmc->legacy_no_rng_seed = true;
+     compat_props_add(m->compat_props, hw_compat_7_1, hw_compat_7_1_len);
+     compat_props_add(m->compat_props, pc_compat_7_1, pc_compat_7_1_len);
+ }
+diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
+index a496bd6e74..f522874add 100644
+--- a/hw/i386/pc_q35.c
++++ b/hw/i386/pc_q35.c
+@@ -383,10 +383,8 @@ DEFINE_Q35_MACHINE(v7_2, "pc-q35-7.2", NULL,
+ 
+ static void pc_q35_7_1_machine_options(MachineClass *m)
+ {
+-    PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
+     pc_q35_7_2_machine_options(m);
+     m->alias = NULL;
+-    pcmc->legacy_no_rng_seed = true;
+     compat_props_add(m->compat_props, hw_compat_7_1, hw_compat_7_1_len);
+     compat_props_add(m->compat_props, pc_compat_7_1, pc_compat_7_1_len);
+ }
+diff --git a/hw/i386/x86.c b/hw/i386/x86.c
+index 4831193c86..80be3032cc 100644
+--- a/hw/i386/x86.c
++++ b/hw/i386/x86.c
+@@ -26,7 +26,6 @@
+ #include "qemu/cutils.h"
+ #include "qemu/units.h"
+ #include "qemu/datadir.h"
+-#include "qemu/guest-random.h"
+ #include "qapi/error.h"
+ #include "qapi/qmp/qerror.h"
+ #include "qapi/qapi-visit-common.h"
+@@ -771,8 +770,7 @@ static bool load_elfboot(const char *kernel_filename,
+ void x86_load_linux(X86MachineState *x86ms,
+                     FWCfgState *fw_cfg,
+                     int acpi_data_size,
+-                    bool pvh_enabled,
+-                    bool legacy_no_rng_seed)
++                    bool pvh_enabled)
+ {
+     bool linuxboot_dma_enabled = X86_MACHINE_GET_CLASS(x86ms)->fwcfg_dma_enabled;
+     uint16_t protocol;
+@@ -780,7 +778,7 @@ void x86_load_linux(X86MachineState *x86ms,
+     int dtb_size, setup_data_offset;
+     uint32_t initrd_max;
+     uint8_t header[8192], *setup, *kernel;
+-    hwaddr real_addr, prot_addr, cmdline_addr, initrd_addr = 0, first_setup_data = 0;
++    hwaddr real_addr, prot_addr, cmdline_addr, initrd_addr = 0;
+     FILE *f;
+     char *vmode;
+     MachineState *machine = MACHINE(x86ms);
+@@ -790,7 +788,6 @@ void x86_load_linux(X86MachineState *x86ms,
+     const char *dtb_filename = machine->dtb;
+     const char *kernel_cmdline = machine->kernel_cmdline;
+     SevKernelLoaderContext sev_load_ctx = {};
+-    enum { RNG_SEED_LENGTH = 32 };
+ 
+     /* Align to 16 bytes as a paranoia measure */
+     cmdline_size = (strlen(kernel_cmdline) + 16) & ~15;
+@@ -1070,31 +1067,16 @@ void x86_load_linux(X86MachineState *x86ms,
+         kernel_size = setup_data_offset + sizeof(struct setup_data) + dtb_size;
+         kernel = g_realloc(kernel, kernel_size);
+ 
++        stq_p(header + 0x250, prot_addr + setup_data_offset);
+ 
+         setup_data = (struct setup_data *)(kernel + setup_data_offset);
+-        setup_data->next = cpu_to_le64(first_setup_data);
+-        first_setup_data = prot_addr + setup_data_offset;
++        setup_data->next = 0;
+         setup_data->type = cpu_to_le32(SETUP_DTB);
+         setup_data->len = cpu_to_le32(dtb_size);
+ 
+         load_image_size(dtb_filename, setup_data->data, dtb_size);
+     }
+ 
+-    if (!legacy_no_rng_seed) {
+-        setup_data_offset = QEMU_ALIGN_UP(kernel_size, 16);
+-        kernel_size = setup_data_offset + sizeof(struct setup_data) + RNG_SEED_LENGTH;
+-        kernel = g_realloc(kernel, kernel_size);
+-        setup_data = (struct setup_data *)(kernel + setup_data_offset);
+-        setup_data->next = cpu_to_le64(first_setup_data);
+-        first_setup_data = prot_addr + setup_data_offset;
+-        setup_data->type = cpu_to_le32(SETUP_RNG_SEED);
+-        setup_data->len = cpu_to_le32(RNG_SEED_LENGTH);
+-        qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH);
+-    }
+-
+-    /* Offset 0x250 is a pointer to the first setup_data link. */
+-    stq_p(header + 0x250, first_setup_data);
+-
+     /*
+      * If we're starting an encrypted VM, it will be OVMF based, which uses the
+      * efi stub for booting and doesn't require any values to be placed in the
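Review bot: the restored `stq_p(header + 0x250, prot_addr + setup_data_offset);` in the DTB branch drops the explanation the removed lines carried ("Offset 0x250 is a pointer to the first setup_data link."), leaving 0x250 as a bare magic number. Keep that one-line comment above the restored store. With `setup_data->next = 0` the DTB node is also written as the only entry in the list, so a short remark that nothing else may append setup_data here would keep a later addition from overwriting the 0x250 pointer and dropping the DTB.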
+diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
+index c95333514e..0c76e82626 100644
+--- a/include/hw/i386/pc.h
++++ b/include/hw/i386/pc.h
+@@ -128,9 +128,6 @@ struct PCMachineClass {
+ 
+     /* create kvmclock device even when KVM PV features are not exposed */
+     bool kvmclock_create_always;
+-
+-    /* skip passing an rng seed for legacy machines */
+-    bool legacy_no_rng_seed;
+ };
+ 
+ #define TYPE_PC_MACHINE "generic-pc-machine"
+diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
+index 62fa5774f8..df82c5fd42 100644
+--- a/include/hw/i386/x86.h
++++ b/include/hw/i386/x86.h
+@@ -126,8 +126,7 @@ void x86_bios_rom_init(MachineState *ms, const char *default_firmware,
+ void x86_load_linux(X86MachineState *x86ms,
+                     FWCfgState *fw_cfg,
+                     int acpi_data_size,
+-                    bool pvh_enabled,
+-                    bool legacy_no_rng_seed);
++                    bool pvh_enabled);
+ 
+ bool x86_machine_is_smm_enabled(const X86MachineState *x86ms);
+ bool x86_machine_is_acpi_enabled(const X86MachineState *x86ms);
+-- 
+2.30.2
+
diff -Nru qemu-7.2+dfsg/debian/patches/master/Revert-x86-do-not-re-randomize-RNG-seed-on-snapshot-.patch qemu-7.2+dfsg/debian/patches/master/Revert-x86-do-not-re-randomize-RNG-seed-on-snapshot-.patch
--- qemu-7.2+dfsg/debian/patches/master/Revert-x86-do-not-re-randomize-RNG-seed-on-snapshot-.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/Revert-x86-do-not-re-randomize-RNG-seed-on-snapshot-.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,37 @@
+From ef82d893de6d5bc0023026e636eae0f9a3e319dd Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin" <mst@redhat.com>
+Date: Wed, 8 Feb 2023 15:55:38 -0500
+Subject: Revert "x86: do not re-randomize RNG seed on snapshot load"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This reverts commit 14b29fea742034186403914b4d013d0e83f19e78.
+
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Fixes: 14b29fea74 ("x86: do not re-randomize RNG seed on snapshot load")
+Tested-by: Nathan Chancellor <nathan@kernel.org>
+Tested-by: Dov Murik <dovmurik@linux.ibm.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ hw/i386/x86.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/i386/x86.c b/hw/i386/x86.c
+index 9b7476158c..7a128a2899 100644
+--- a/hw/i386/x86.c
++++ b/hw/i386/x86.c
+@@ -1116,7 +1116,7 @@ void x86_load_linux(X86MachineState *x86ms,
+         setup_data->type = cpu_to_le32(SETUP_RNG_SEED);
+         setup_data->len = cpu_to_le32(RNG_SEED_LENGTH);
+         qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH);
+-        qemu_register_reset_nosnapshotload(reset_rng_seed, setup_data);
++        qemu_register_reset(reset_rng_seed, setup_data);
+         fw_cfg_add_bytes_callback(fw_cfg, FW_CFG_KERNEL_DATA, reset_rng_seed, NULL,
+                                   setup_data, kernel, kernel_size, true);
+     } else {
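Review bot: the commit message for this hunk is only "This reverts commit 14b29fea74..." with no reason given, and the trailers carry Signed-off-by from the same person twice plus a Reviewed-by from the patch author. Taken on its own, going back to `qemu_register_reset(reset_rng_seed, setup_data)` registers the seed callback as an ordinary reset handler again instead of the no-snapshot-load variant. One sentence saying this is a step in backing out the whole setup_data RNG seed series would tell a stable-branch reader why that intermediate behaviour is acceptable.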
+-- 
+2.30.2
+
diff -Nru qemu-7.2+dfsg/debian/patches/master/Revert-x86-reinitialize-RNG-seed-on-system-reboot.patch qemu-7.2+dfsg/debian/patches/master/Revert-x86-reinitialize-RNG-seed-on-system-reboot.patch
--- qemu-7.2+dfsg/debian/patches/master/Revert-x86-reinitialize-RNG-seed-on-system-reboot.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/Revert-x86-reinitialize-RNG-seed-on-system-reboot.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,49 @@
+From fdc27ced04160904af1f290b561eded73abb8f1d Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin" <mst@redhat.com>
+Date: Wed, 8 Feb 2023 15:55:40 -0500
+Subject: Revert "x86: reinitialize RNG seed on system reboot"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This reverts commit 763a2828bf313ed55878b09759dc435355035f2e.
+
+Fixes: 763a2828bf ("x86: reinitialize RNG seed on system reboot")
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Tested-by: Nathan Chancellor <nathan@kernel.org>
+Tested-by: Dov Murik <dovmurik@linux.ibm.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ hw/i386/x86.c | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/hw/i386/x86.c b/hw/i386/x86.c
+index ec9c343cdb..278dd54830 100644
+--- a/hw/i386/x86.c
++++ b/hw/i386/x86.c
+@@ -788,12 +788,6 @@ static void reset_setup_data(void *opaque)
+     stq_p(fixup->pos, fixup->orig_val);
+ }
+ 
+-static void reset_rng_seed(void *opaque)
+-{
+-    SetupData *setup_data = opaque;
+-    qemu_guest_getrandom_nofail(setup_data->data, le32_to_cpu(setup_data->len));
+-}
+-
+ void x86_load_linux(X86MachineState *x86ms,
+                     FWCfgState *fw_cfg,
+                     int acpi_data_size,
+@@ -1116,7 +1110,6 @@ void x86_load_linux(X86MachineState *x86ms,
+         setup_data->type = cpu_to_le32(SETUP_RNG_SEED);
+         setup_data->len = cpu_to_le32(RNG_SEED_LENGTH);
+         qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH);
+-        qemu_register_reset(reset_rng_seed, setup_data);
+     }
+ 
+     fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr);
+-- 
+2.30.2
+
diff -Nru qemu-7.2+dfsg/debian/patches/master/Revert-x86-re-initialize-RNG-seed-when-selecting-ker.patch qemu-7.2+dfsg/debian/patches/master/Revert-x86-re-initialize-RNG-seed-when-selecting-ker.patch
--- qemu-7.2+dfsg/debian/patches/master/Revert-x86-re-initialize-RNG-seed-when-selecting-ker.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/Revert-x86-re-initialize-RNG-seed-when-selecting-ker.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,44 @@
+From b4bfa0a31d86caf89223e10e701c5b00df369b37 Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin" <mst@redhat.com>
+Date: Wed, 8 Feb 2023 15:55:39 -0500
+Subject: Revert "x86: re-initialize RNG seed when selecting kernel"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This reverts commit cc63374a5a7c240b7d3be734ef589dabbefc7527.
+
+Fixes: cc63374a5a ("x86: re-initialize RNG seed when selecting kernel")
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Tested-by: Nathan Chancellor <nathan@kernel.org>
+Tested-by: Dov Murik <dovmurik@linux.ibm.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ hw/i386/x86.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/hw/i386/x86.c b/hw/i386/x86.c
+index 7a128a2899..ec9c343cdb 100644
+--- a/hw/i386/x86.c
++++ b/hw/i386/x86.c
+@@ -1117,14 +1117,11 @@ void x86_load_linux(X86MachineState *x86ms,
+         setup_data->len = cpu_to_le32(RNG_SEED_LENGTH);
+         qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH);
+         qemu_register_reset(reset_rng_seed, setup_data);
+-        fw_cfg_add_bytes_callback(fw_cfg, FW_CFG_KERNEL_DATA, reset_rng_seed, NULL,
+-                                  setup_data, kernel, kernel_size, true);
+-    } else {
+-        fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size);
+     }
+ 
+     fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr);
+     fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
++    fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size);
+     sev_load_ctx.kernel_data = (char *)kernel;
+     sev_load_ctx.kernel_size = kernel_size;
+ 
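Review bot: the context line `qemu_register_reset(reset_rng_seed, setup_data);` at the top of this hunk exists only once the snapshot-load revert has been applied (that patch's post-image blob 7a128a2899 is this one's pre-image), while the debdiff lists the patch files alphabetically. Check that the quilt series applies the hw/i386/x86.c reverts in blob-chain order as given by the index lines (9b7476158c, 7a128a2899, ec9c343cdb, 278dd54830, 66cf171ace, ed161a3409), otherwise this hunk will not apply.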
+-- 
+2.30.2
+
diff -Nru qemu-7.2+dfsg/debian/patches/master/Revert-x86-return-modified-setup_data-only-if-read-a.patch qemu-7.2+dfsg/debian/patches/master/Revert-x86-return-modified-setup_data-only-if-read-a.patch
--- qemu-7.2+dfsg/debian/patches/master/Revert-x86-return-modified-setup_data-only-if-read-a.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/Revert-x86-return-modified-setup_data-only-if-read-a.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,162 @@
+From ae80d81cfa865cbe443543679e013e7fa5fcd12c Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin" <mst@redhat.com>
+Date: Wed, 8 Feb 2023 16:04:40 -0500
+Subject: Revert "x86: return modified setup_data only if read as memory, not as file"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This reverts commit e935b735085dfa61d8e6d276b6f9e7687796a3c7.
+
+Fixes: e935b73508 ("x86: return modified setup_data only if read as memory, not as file")
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Tested-by: Nathan Chancellor <nathan@kernel.org>
+Tested-by: Dov Murik <dovmurik@linux.ibm.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ hw/i386/x86.c             | 46 +++++++++------------------------------
+ hw/nvram/fw_cfg.c         | 12 +++++-----
+ include/hw/nvram/fw_cfg.h | 22 -------------------
+ 3 files changed, 16 insertions(+), 64 deletions(-)
+
+diff --git a/hw/i386/x86.c b/hw/i386/x86.c
+index 66cf171ace..ed161a3409 100644
+--- a/hw/i386/x86.c
++++ b/hw/i386/x86.c
+@@ -36,7 +36,6 @@
+ #include "sysemu/whpx.h"
+ #include "sysemu/numa.h"
+ #include "sysemu/replay.h"
+-#include "sysemu/reset.h"
+ #include "sysemu/sysemu.h"
+ #include "sysemu/cpu-timers.h"
+ #include "sysemu/xen.h"
+@@ -770,24 +769,6 @@ static bool load_elfboot(const char *kernel_filename,
+     return true;
+ }
+ 
+-typedef struct SetupDataFixup {
+-    void *pos;
+-    hwaddr orig_val, new_val;
+-    uint32_t addr;
+-} SetupDataFixup;
+-
+-static void fixup_setup_data(void *opaque)
+-{
+-    SetupDataFixup *fixup = opaque;
+-    stq_p(fixup->pos, fixup->new_val);
+-}
+-
+-static void reset_setup_data(void *opaque)
+-{
+-    SetupDataFixup *fixup = opaque;
+-    stq_p(fixup->pos, fixup->orig_val);
+-}
+-
+ void x86_load_linux(X86MachineState *x86ms,
+                     FWCfgState *fw_cfg,
+                     int acpi_data_size,
+@@ -1112,11 +1093,8 @@ void x86_load_linux(X86MachineState *x86ms,
+         qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH);
+     }
+ 
+-    fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr);
+-    fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
+-    fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size);
+-    sev_load_ctx.kernel_data = (char *)kernel;
+-    sev_load_ctx.kernel_size = kernel_size;
++    /* Offset 0x250 is a pointer to the first setup_data link. */
++    stq_p(header + 0x250, first_setup_data);
+ 
+     /*
+      * If we're starting an encrypted VM, it will be OVMF based, which uses the
+@@ -1126,20 +1104,16 @@ void x86_load_linux(X86MachineState *x86ms,
+      * file the user passed in.
+      */
+     if (!sev_enabled()) {
+-        SetupDataFixup *fixup = g_malloc(sizeof(*fixup));
+-
+         memcpy(setup, header, MIN(sizeof(header), setup_size));
+-        /* Offset 0x250 is a pointer to the first setup_data link. */
+-        fixup->pos = setup + 0x250;
+-        fixup->orig_val = ldq_p(fixup->pos);
+-        fixup->new_val = first_setup_data;
+-        fixup->addr = cpu_to_le32(real_addr);
+-        fw_cfg_add_bytes_callback(fw_cfg, FW_CFG_SETUP_ADDR, fixup_setup_data, NULL,
+-                                  fixup, &fixup->addr, sizeof(fixup->addr), true);
+-        qemu_register_reset(reset_setup_data, fixup);
+-    } else {
+-        fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr);
+     }
++
++    fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr);
++    fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
++    fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size);
++    sev_load_ctx.kernel_data = (char *)kernel;
++    sev_load_ctx.kernel_size = kernel_size;
++
++    fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr);
+     fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, setup_size);
+     fw_cfg_add_bytes(fw_cfg, FW_CFG_SETUP_DATA, setup, setup_size);
+     sev_load_ctx.setup_data = (char *)setup;
+diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
+index a00881bc64..29a5bef1d5 100644
+--- a/hw/nvram/fw_cfg.c
++++ b/hw/nvram/fw_cfg.c
+@@ -693,12 +693,12 @@ static const VMStateDescription vmstate_fw_cfg = {
+     }
+ };
+ 
+-void fw_cfg_add_bytes_callback(FWCfgState *s, uint16_t key,
+-                               FWCfgCallback select_cb,
+-                               FWCfgWriteCallback write_cb,
+-                               void *callback_opaque,
+-                               void *data, size_t len,
+-                               bool read_only)
++static void fw_cfg_add_bytes_callback(FWCfgState *s, uint16_t key,
++                                      FWCfgCallback select_cb,
++                                      FWCfgWriteCallback write_cb,
++                                      void *callback_opaque,
++                                      void *data, size_t len,
++                                      bool read_only)
+ {
+     int arch = !!(key & FW_CFG_ARCH_LOCAL);
+ 
+diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h
+index 2e503904dc..c1f81a5f13 100644
+--- a/include/hw/nvram/fw_cfg.h
++++ b/include/hw/nvram/fw_cfg.h
+@@ -117,28 +117,6 @@ struct FWCfgMemState {
+  */
+ void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, void *data, size_t len);
+ 
+-/**
+- * fw_cfg_add_bytes_callback:
+- * @s: fw_cfg device being modified
+- * @key: selector key value for new fw_cfg item
+- * @select_cb: callback function when selecting
+- * @write_cb: callback function after a write
+- * @callback_opaque: argument to be passed into callback function
+- * @data: pointer to start of item data
+- * @len: size of item data
+- * @read_only: is file read only
+- *
+- * Add a new fw_cfg item, available by selecting the given key, as a raw
+- * "blob" of the given size. The data referenced by the starting pointer
+- * is only linked, NOT copied, into the data structure of the fw_cfg device.
+- */
+-void fw_cfg_add_bytes_callback(FWCfgState *s, uint16_t key,
+-                               FWCfgCallback select_cb,
+-                               FWCfgWriteCallback write_cb,
+-                               void *callback_opaque,
+-                               void *data, size_t len,
+-                               bool read_only);
+-
+ /**
+  * fw_cfg_add_string:
+  * @s: fw_cfg device being modified
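Review bot: the kernel-doc block deleted here is the only visible place stating that the data pointer is "only linked, NOT copied" into the fw_cfg device, and the hw/nvram/fw_cfg.c hunk makes the function static without moving that text. Carry the comment over to the static definition so the buffer-lifetime contract stays documented for in-file callers.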
+-- 
+2.30.2
+
diff -Nru qemu-7.2+dfsg/debian/patches/master/Revert-x86-use-typedef-for-SetupData-struct.patch qemu-7.2+dfsg/debian/patches/master/Revert-x86-use-typedef-for-SetupData-struct.patch
--- qemu-7.2+dfsg/debian/patches/master/Revert-x86-use-typedef-for-SetupData-struct.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/Revert-x86-use-typedef-for-SetupData-struct.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,78 @@
+From ea96a784773259d469f3f2465f09e04eabb80a66 Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin" <mst@redhat.com>
+Date: Wed, 8 Feb 2023 15:55:41 -0500
+Subject: Revert "x86: use typedef for SetupData struct"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This reverts commit eebb38a5633a77f5fa79d6486d5b2fcf8fbe3c07.
+
+Fixes: eebb38a563 ("x86: use typedef for SetupData struct")
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Tested-by: Nathan Chancellor <nathan@kernel.org>
+Tested-by: Dov Murik <dovmurik@linux.ibm.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ hw/i386/x86.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/hw/i386/x86.c b/hw/i386/x86.c
+index 278dd54830..66cf171ace 100644
+--- a/hw/i386/x86.c
++++ b/hw/i386/x86.c
+@@ -658,12 +658,12 @@ DeviceState *ioapic_init_secondary(GSIState *gsi_state)
+     return dev;
+ }
+ 
+-typedef struct SetupData {
++struct setup_data {
+     uint64_t next;
+     uint32_t type;
+     uint32_t len;
+     uint8_t data[];
+-} __attribute__((packed)) SetupData;
++} __attribute__((packed));
+ 
+ 
+ /*
+@@ -804,7 +804,7 @@ void x86_load_linux(X86MachineState *x86ms,
+     FILE *f;
+     char *vmode;
+     MachineState *machine = MACHINE(x86ms);
+-    SetupData *setup_data;
++    struct setup_data *setup_data;
+     const char *kernel_filename = machine->kernel_filename;
+     const char *initrd_filename = machine->initrd_filename;
+     const char *dtb_filename = machine->dtb;
+@@ -1087,11 +1087,11 @@ void x86_load_linux(X86MachineState *x86ms,
+         }
+ 
+         setup_data_offset = QEMU_ALIGN_UP(kernel_size, 16);
+-        kernel_size = setup_data_offset + sizeof(SetupData) + dtb_size;
++        kernel_size = setup_data_offset + sizeof(struct setup_data) + dtb_size;
+         kernel = g_realloc(kernel, kernel_size);
+ 
+ 
+-        setup_data = (SetupData *)(kernel + setup_data_offset);
++        setup_data = (struct setup_data *)(kernel + setup_data_offset);
+         setup_data->next = cpu_to_le64(first_setup_data);
+         first_setup_data = prot_addr + setup_data_offset;
+         setup_data->type = cpu_to_le32(SETUP_DTB);
+@@ -1102,9 +1102,9 @@ void x86_load_linux(X86MachineState *x86ms,
+ 
+     if (!legacy_no_rng_seed) {
+         setup_data_offset = QEMU_ALIGN_UP(kernel_size, 16);
+-        kernel_size = setup_data_offset + sizeof(SetupData) + RNG_SEED_LENGTH;
++        kernel_size = setup_data_offset + sizeof(struct setup_data) + RNG_SEED_LENGTH;
+         kernel = g_realloc(kernel, kernel_size);
+-        setup_data = (SetupData *)(kernel + setup_data_offset);
++        setup_data = (struct setup_data *)(kernel + setup_data_offset);
+         setup_data->next = cpu_to_le64(first_setup_data);
+         first_setup_data = prot_addr + setup_data_offset;
+         setup_data->type = cpu_to_le32(SETUP_RNG_SEED);
+-- 
+2.30.2
+
diff -Nru qemu-7.2+dfsg/debian/patches/master/target-i386-fix-ADOX-followed-by-ADCX.patch qemu-7.2+dfsg/debian/patches/master/target-i386-fix-ADOX-followed-by-ADCX.patch
--- qemu-7.2+dfsg/debian/patches/master/target-i386-fix-ADOX-followed-by-ADCX.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/target-i386-fix-ADOX-followed-by-ADCX.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,193 @@
+From 60c7dd22e1383754d5f150bc9f7c2785c662a7b6 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 31 Jan 2023 09:48:03 +0100
+Subject: target/i386: fix ADOX followed by ADCX
+
+When ADCX is followed by ADOX or vice versa, the second instruction's
+carry comes from EFLAGS and the condition codes use the CC_OP_ADCOX
+operation.  Retrieving the carry from EFLAGS is handled by this bit
+of gen_ADCOX:
+
+        tcg_gen_extract_tl(carry_in, cpu_cc_src,
+            ctz32(cc_op == CC_OP_ADCX ? CC_C : CC_O), 1);
+
+Unfortunately, in this case cc_op has been overwritten by the previous
+"if" statement to CC_OP_ADCOX.  This works by chance when the first
+instruction is ADCX; however, if the first instruction is ADOX,
+ADCX will incorrectly take its carry from OF instead of CF.
+
+Fix by moving the computation of the new cc_op at the end of the function.
+The included exhaustive test case fails without this patch and passes
+afterwards.
+
+Because ADCX/ADOX need not be invoked through the VEX prefix, this
+regression bisects to commit 16fc5726a6e2 ("target/i386: reimplement
+0x0f 0x38, add AVX", 2022-10-18).  However, the mistake happened a
+little earlier, when BMI instructions were rewritten using the new
+decoder framework.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1471
+Reported-by: Paul Jolly <https://gitlab.com/myitcv>
+Fixes: 1d0b926150e5 ("target/i386: move scalar 0F 38 and 0F 3A instruction to new decoder", 2022-10-18)
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ target/i386/tcg/emit.c.inc       | 20 +++++----
+ tests/tcg/i386/Makefile.target   |  6 ++-
+ tests/tcg/i386/test-i386-adcox.c | 75 ++++++++++++++++++++++++++++++++
+ 3 files changed, 91 insertions(+), 10 deletions(-)
+ create mode 100644 tests/tcg/i386/test-i386-adcox.c
+
+diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
+index 4d7702c106..0d7c6e80ae 100644
+--- a/target/i386/tcg/emit.c.inc
++++ b/target/i386/tcg/emit.c.inc
+@@ -1015,6 +1015,7 @@ VSIB_AVX(VPGATHERQ, vpgatherq)
+ 
+ static void gen_ADCOX(DisasContext *s, CPUX86State *env, MemOp ot, int cc_op)
+ {
++    int opposite_cc_op;
+     TCGv carry_in = NULL;
+     TCGv carry_out = (cc_op == CC_OP_ADCX ? cpu_cc_dst : cpu_cc_src2);
+     TCGv zero;
+@@ -1022,14 +1023,8 @@ static void gen_ADCOX(DisasContext *s, CPUX86State *env, MemOp ot, int cc_op)
+     if (cc_op == s->cc_op || s->cc_op == CC_OP_ADCOX) {
+         /* Re-use the carry-out from a previous round.  */
+         carry_in = carry_out;
+-        cc_op = s->cc_op;
+-    } else if (s->cc_op == CC_OP_ADCX || s->cc_op == CC_OP_ADOX) {
+-        /* Merge with the carry-out from the opposite instruction.  */
+-        cc_op = CC_OP_ADCOX;
+-    }
+-
+-    /* If we don't have a carry-in, get it out of EFLAGS.  */
+-    if (!carry_in) {
++    } else {
++        /* We don't have a carry-in, get it out of EFLAGS.  */
+         if (s->cc_op != CC_OP_ADCX && s->cc_op != CC_OP_ADOX) {
+             gen_compute_eflags(s);
+         }
+@@ -1053,7 +1048,14 @@ static void gen_ADCOX(DisasContext *s, CPUX86State *env, MemOp ot, int cc_op)
+         tcg_gen_add2_tl(s->T0, carry_out, s->T0, carry_out, s->T1, zero);
+         break;
+     }
+-    set_cc_op(s, cc_op);
++
++    opposite_cc_op = cc_op == CC_OP_ADCX ? CC_OP_ADOX : CC_OP_ADCX;
++    if (s->cc_op == CC_OP_ADCOX || s->cc_op == opposite_cc_op) {
++        /* Merge with the carry-out from the opposite instruction.  */
++        set_cc_op(s, CC_OP_ADCOX);
++    } else {
++        set_cc_op(s, cc_op);
++    }
+ }
+ 
+ static void gen_ADCX(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
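Review bot: nothing in the function records why the `set_cc_op()` decision now sits at the end, so the bug described in the commit message can return if someone moves it back up during cleanup. Add a comment above `opposite_cc_op = ...` saying that `cc_op` must keep the current instruction's own value (CC_OP_ADCX or CC_OP_ADOX) until the carry-in has been extracted from EFLAGS, because that extraction selects CC_C or CC_O from it.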
+diff --git a/tests/tcg/i386/Makefile.target b/tests/tcg/i386/Makefile.target
+index 81831cafbc..bafd8c2180 100644
+--- a/tests/tcg/i386/Makefile.target
++++ b/tests/tcg/i386/Makefile.target
+@@ -14,7 +14,7 @@ config-cc.mak: Makefile
+ I386_SRCS=$(notdir $(wildcard $(I386_SRC)/*.c))
+ ALL_X86_TESTS=$(I386_SRCS:.c=)
+ SKIP_I386_TESTS=test-i386-ssse3 test-avx test-3dnow test-mmx
+-X86_64_TESTS:=$(filter test-i386-bmi2 $(SKIP_I386_TESTS), $(ALL_X86_TESTS))
++X86_64_TESTS:=$(filter test-i386-adcox test-i386-bmi2 $(SKIP_I386_TESTS), $(ALL_X86_TESTS))
+ 
+ test-i386-sse-exceptions: CFLAGS += -msse4.1 -mfpmath=sse
+ run-test-i386-sse-exceptions: QEMU_OPTS += -cpu max
+@@ -28,6 +28,10 @@ test-i386-bmi2: CFLAGS=-O2
+ run-test-i386-bmi2: QEMU_OPTS += -cpu max
+ run-plugin-test-i386-bmi2-%: QEMU_OPTS += -cpu max
+ 
++test-i386-adcox: CFLAGS=-O2
++run-test-i386-adcox: QEMU_OPTS += -cpu max
++run-plugin-test-i386-adcox-%: QEMU_OPTS += -cpu max
++
+ #
+ # hello-i386 is a barebones app
+ #
+diff --git a/tests/tcg/i386/test-i386-adcox.c b/tests/tcg/i386/test-i386-adcox.c
+new file mode 100644
+index 0000000000..16169efff8
+--- /dev/null
++++ b/tests/tcg/i386/test-i386-adcox.c
+@@ -0,0 +1,75 @@
++/* See if various BMI2 instructions give expected results */
++#include <assert.h>
++#include <stdint.h>
++#include <stdio.h>
++
++#define CC_C 1
++#define CC_O (1 << 11)
++
++#ifdef __x86_64__
++#define REG uint64_t
++#else
++#define REG uint32_t
++#endif
++
++void test_adox_adcx(uint32_t in_c, uint32_t in_o, REG adcx_operand, REG adox_operand)
++{
++    REG flags;
++    REG out_adcx, out_adox;
++
++    asm("pushf; pop %0" : "=r"(flags));
++    flags &= ~(CC_C | CC_O);
++    flags |= (in_c ? CC_C : 0);
++    flags |= (in_o ? CC_O : 0);
++
++    out_adcx = adcx_operand;
++    out_adox = adox_operand;
++    asm("push %0; popf;"
++        "adox %3, %2;"
++        "adcx %3, %1;"
++        "pushf; pop %0"
++        : "+r" (flags), "+r" (out_adcx), "+r" (out_adox)
++        : "r" ((REG)-1), "0" (flags), "1" (out_adcx), "2" (out_adox));
++
++    assert(out_adcx == in_c + adcx_operand - 1);
++    assert(out_adox == in_o + adox_operand - 1);
++    assert(!!(flags & CC_C) == (in_c || adcx_operand));
++    assert(!!(flags & CC_O) == (in_o || adox_operand));
++}
++
++void test_adcx_adox(uint32_t in_c, uint32_t in_o, REG adcx_operand, REG adox_operand)
++{
++    REG flags;
++    REG out_adcx, out_adox;
++
++    asm("pushf; pop %0" : "=r"(flags));
++    flags &= ~(CC_C | CC_O);
++    flags |= (in_c ? CC_C : 0);
++    flags |= (in_o ? CC_O : 0);
++
++    out_adcx = adcx_operand;
++    out_adox = adox_operand;
++    asm("push %0; popf;"
++        "adcx %3, %1;"
++        "adox %3, %2;"
++        "pushf; pop %0"
++        : "+r" (flags), "+r" (out_adcx), "+r" (out_adox)
++        : "r" ((REG)-1), "0" (flags), "1" (out_adcx), "2" (out_adox));
++
++    assert(out_adcx == in_c + adcx_operand - 1);
++    assert(out_adox == in_o + adox_operand - 1);
++    assert(!!(flags & CC_C) == (in_c || adcx_operand));
++    assert(!!(flags & CC_O) == (in_o || adox_operand));
++}
++
++int main(int argc, char *argv[]) {
++    /* try all combinations of input CF, input OF, CF from op1+op2,  OF from op2+op1 */
++    int i;
++    for (i = 0; i <= 15; i++) {
++        printf("%d\n", i);
++        test_adcx_adox(!!(i & 1), !!(i & 2), !!(i & 4), !!(i & 8));
++        test_adox_adcx(!!(i & 1), !!(i & 2), !!(i & 4), !!(i & 8));
++    }
++    return 0;
++}
++
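Review bot: the opening comment, "See if various BMI2 instructions give expected results", looks copied from the BMI2 test and does not describe this file, which exercises only ADCX and ADOX in both orders; reword it to name those instructions and the ordering being checked. `test_adox_adcx()` and `test_adcx_adox()` also differ only in the order of the two asm lines, so a shared helper or macro parameterised on the order would remove the duplication, and the `printf("%d\n", i)` in `main()` could say which combination is running instead of a bare index.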
+-- 
+2.30.2
+
diff -Nru qemu-7.2+dfsg/debian/patches/master/target-i386-Fix-BEXTR-instruction.patch qemu-7.2+dfsg/debian/patches/master/target-i386-Fix-BEXTR-instruction.patch
--- qemu-7.2+dfsg/debian/patches/master/target-i386-Fix-BEXTR-instruction.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/target-i386-Fix-BEXTR-instruction.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,98 @@
+From b14c0098975264ed03144f145bca0179a6763a07 Mon Sep 17 00:00:00 2001
+From: Richard Henderson <richard.henderson@linaro.org>
+Date: Sat, 14 Jan 2023 13:05:42 -1000
+Subject: target/i386: Fix BEXTR instruction
+
+There were two problems here: not limiting the input to operand bits,
+and not correctly handling large extraction length.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1372
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-Id: <20230114230542.3116013-3-richard.henderson@linaro.org>
+Cc: qemu-stable@nongnu.org
+Fixes: 1d0b926150e5 ("target/i386: move scalar 0F 38 and 0F 3A instruction to new decoder", 2022-10-18)
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ target/i386/tcg/emit.c.inc      | 22 +++++++++++-----------
+ tests/tcg/i386/test-i386-bmi2.c | 12 ++++++++++++
+ 2 files changed, 23 insertions(+), 11 deletions(-)
+
+diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
+index 7037ff91c6..99f6ba6e19 100644
+--- a/target/i386/tcg/emit.c.inc
++++ b/target/i386/tcg/emit.c.inc
+@@ -1078,30 +1078,30 @@ static void gen_ANDN(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+ static void gen_BEXTR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+ {
+     MemOp ot = decode->op[0].ot;
+-    TCGv bound, zero;
++    TCGv bound = tcg_constant_tl(ot == MO_64 ? 63 : 31);
++    TCGv zero = tcg_constant_tl(0);
++    TCGv mone = tcg_constant_tl(-1);
+ 
+     /*
+      * Extract START, and shift the operand.
+      * Shifts larger than operand size get zeros.
+      */
+     tcg_gen_ext8u_tl(s->A0, s->T1);
++    if (TARGET_LONG_BITS == 64 && ot == MO_32) {
++        tcg_gen_ext32u_tl(s->T0, s->T0);
++    }
+     tcg_gen_shr_tl(s->T0, s->T0, s->A0);
+ 
+-    bound = tcg_constant_tl(ot == MO_64 ? 63 : 31);
+-    zero = tcg_constant_tl(0);
+     tcg_gen_movcond_tl(TCG_COND_LEU, s->T0, s->A0, bound, s->T0, zero);
+ 
+     /*
+-     * Extract the LEN into a mask.  Lengths larger than
+-     * operand size get all ones.
++     * Extract the LEN into an inverse mask.  Lengths larger than
++     * operand size get all zeros, length 0 gets all ones.
+      */
+     tcg_gen_extract_tl(s->A0, s->T1, 8, 8);
+-    tcg_gen_movcond_tl(TCG_COND_LEU, s->A0, s->A0, bound, s->A0, bound);
+-
+-    tcg_gen_movi_tl(s->T1, 1);
+-    tcg_gen_shl_tl(s->T1, s->T1, s->A0);
+-    tcg_gen_subi_tl(s->T1, s->T1, 1);
+-    tcg_gen_and_tl(s->T0, s->T0, s->T1);
++    tcg_gen_shl_tl(s->T1, mone, s->A0);
++    tcg_gen_movcond_tl(TCG_COND_LEU, s->T1, s->A0, bound, s->T1, zero);
++    tcg_gen_andc_tl(s->T0, s->T0, s->T1);
+ 
+     gen_op_update1_cc(s);
+     set_cc_op(s, CC_OP_LOGICB + ot);
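Review bot: the comment above the LEN extraction in gen_BEXTR should say that the result of tcg_gen_shl_tl(s->T1, mone, s->A0) is deliberately discarded when LEN exceeds bound, because the shift is emitted before the range check and runs with a count of up to 255. The START path has the same shape (shr first, movcond second). Spelling out that the movcond must stay after the shift would keep a later cleanup from reordering or dropping it.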
+diff --git a/tests/tcg/i386/test-i386-bmi2.c b/tests/tcg/i386/test-i386-bmi2.c
+index 3c3ef85513..982d4abda4 100644
+--- a/tests/tcg/i386/test-i386-bmi2.c
++++ b/tests/tcg/i386/test-i386-bmi2.c
+@@ -99,6 +99,9 @@ int main(int argc, char *argv[]) {
+     result = bextrq(mask, 0x10f8);
+     assert(result == 0);
+ 
++    result = bextrq(0xfedcba9876543210ull, 0x7f00);
++    assert(result == 0xfedcba9876543210ull);
++
+     result = blsiq(0x30);
+     assert(result == 0x10);
+ 
+@@ -164,6 +167,15 @@ int main(int argc, char *argv[]) {
+     result = bextrl(mask, 0x1038);
+     assert(result == 0);
+ 
++    result = bextrl((reg_t)0x8f635a775ad3b9b4ull, 0x3018);
++    assert(result == 0x5a);
++
++    result = bextrl((reg_t)0xfedcba9876543210ull, 0x7f00);
++    assert(result == 0x76543210u);
++
++    result = bextrl(-1, 0);
++    assert(result == 0);
++
+     result = blsil(0xffff);
+     assert(result == 1);
+ 
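Review bot: the added bextrq and bextrl cases cover LEN far above the operand size (0x7f, 0x30) and LEN 0, but none uses the first value past bound, which is where the new TCG_COND_LEU comparison against 63/31 changes the outcome. Add bextrq(x, 0x4000) expecting x and bextrl(x, 0x2000) expecting the low 32 bits of x, with an x that has its top bit set.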
+-- 
+2.30.2
+
diff -Nru qemu-7.2+dfsg/debian/patches/master/target-i386-Fix-BZHI-instruction.patch qemu-7.2+dfsg/debian/patches/master/target-i386-Fix-BZHI-instruction.patch
--- qemu-7.2+dfsg/debian/patches/master/target-i386-Fix-BZHI-instruction.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/target-i386-Fix-BZHI-instruction.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,65 @@
+From 9ad2ba6e8e7fc195d0dd0b76ab38bd2fceb1bdd4 Mon Sep 17 00:00:00 2001
+From: Richard Henderson <richard.henderson@linaro.org>
+Date: Sat, 14 Jan 2023 13:32:06 -1000
+Subject: target/i386: Fix BZHI instruction
+
+We did not correctly handle N >= operand size.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1374
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-Id: <20230114233206.3118472-1-richard.henderson@linaro.org>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ target/i386/tcg/emit.c.inc      | 14 +++++++-------
+ tests/tcg/i386/test-i386-bmi2.c |  3 +++
+ 2 files changed, 10 insertions(+), 7 deletions(-)
+
+diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
+index e61ae9a2e9..0d01e13002 100644
+--- a/target/i386/tcg/emit.c.inc
++++ b/target/i386/tcg/emit.c.inc
+@@ -1147,20 +1147,20 @@ static void gen_BLSR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+ static void gen_BZHI(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+ {
+     MemOp ot = decode->op[0].ot;
+-    TCGv bound;
++    TCGv bound = tcg_constant_tl(ot == MO_64 ? 63 : 31);
++    TCGv zero = tcg_constant_tl(0);
++    TCGv mone = tcg_constant_tl(-1);
+ 
+-    tcg_gen_ext8u_tl(s->T1, cpu_regs[s->vex_v]);
+-    bound = tcg_constant_tl(ot == MO_64 ? 63 : 31);
++    tcg_gen_ext8u_tl(s->T1, s->T1);
+ 
+     /*
+      * Note that since we're using BMILG (in order to get O
+      * cleared) we need to store the inverse into C.
+      */
+-    tcg_gen_setcond_tl(TCG_COND_LT, cpu_cc_src, s->T1, bound);
+-    tcg_gen_movcond_tl(TCG_COND_GT, s->T1, s->T1, bound, bound, s->T1);
++    tcg_gen_setcond_tl(TCG_COND_LEU, cpu_cc_src, s->T1, bound);
+ 
+-    tcg_gen_movi_tl(s->A0, -1);
+-    tcg_gen_shl_tl(s->A0, s->A0, s->T1);
++    tcg_gen_shl_tl(s->A0, mone, s->T1);
++    tcg_gen_movcond_tl(TCG_COND_LEU, s->A0, s->T1, bound, s->A0, zero);
+     tcg_gen_andc_tl(s->T0, s->T0, s->A0);
+ 
+     gen_op_update1_cc(s);
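Review bot: the index source in tcg_gen_ext8u_tl() changes from cpu_regs[s->vex_v] to s->T1, but the commit message only mentions the N >= operand size handling. Please say in the message why T1 already holds the index operand at this point, since that is a separate change from the bound fix. The existing comment about storing the inverse into C could also state that the condition is now N <= bound (TCG_COND_LEU) rather than N < bound.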
+diff --git a/tests/tcg/i386/test-i386-bmi2.c b/tests/tcg/i386/test-i386-bmi2.c
+index 982d4abda4..0244df7987 100644
+--- a/tests/tcg/i386/test-i386-bmi2.c
++++ b/tests/tcg/i386/test-i386-bmi2.c
+@@ -123,6 +123,9 @@ int main(int argc, char *argv[]) {
+     result = bzhiq(mask, 0x1f);
+     assert(result == (mask & ~(-1 << 30)));
+ 
++    result = bzhiq(mask, 0x40);
++    assert(result == mask);
++
+     result = rorxq(0x2132435465768798, 8);
+     assert(result == 0x9821324354657687);
+ 
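Review bot: the new bzhiq(mask, 0x40) case checks only the result, while the emit.c.inc part of this patch also changes how C is computed (setcond moves from TCG_COND_LT to TCG_COND_LEU) and nothing here reads the flag. There is no 32-bit counterpart either; add bzhil(mask, 0x20) expecting the low 32 bits of mask, and a check of CF for an index at and just above bound.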
+-- 
+2.30.2
+
diff -Nru qemu-7.2+dfsg/debian/patches/master/target-i386-Fix-C-flag-for-BLSI-BLSMSK-BLSR.patch qemu-7.2+dfsg/debian/patches/master/target-i386-Fix-C-flag-for-BLSI-BLSMSK-BLSR.patch
--- qemu-7.2+dfsg/debian/patches/master/target-i386-Fix-C-flag-for-BLSI-BLSMSK-BLSR.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/target-i386-Fix-C-flag-for-BLSI-BLSMSK-BLSR.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,48 @@
+From 99282098dc74c2055bde5652bde6cf0067d0c370 Mon Sep 17 00:00:00 2001
+From: Richard Henderson <richard.henderson@linaro.org>
+Date: Sat, 14 Jan 2023 08:06:01 -1000
+Subject: target/i386: Fix C flag for BLSI, BLSMSK, BLSR
+
+We forgot to set cc_src, which is used for computing C.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1370
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-Id: <20230114180601.2993644-1-richard.henderson@linaro.org>
+Cc: qemu-stable@nongnu.org
+Fixes: 1d0b926150e5 ("target/i386: move scalar 0F 38 and 0F 3A instruction to new decoder", 2022-10-18)
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ target/i386/tcg/emit.c.inc | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
+index 99f6ba6e19..4d7702c106 100644
+--- a/target/i386/tcg/emit.c.inc
++++ b/target/i386/tcg/emit.c.inc
+@@ -1111,6 +1111,7 @@ static void gen_BLSI(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+ {
+     MemOp ot = decode->op[0].ot;
+ 
++    tcg_gen_mov_tl(cpu_cc_src, s->T0);
+     tcg_gen_neg_tl(s->T1, s->T0);
+     tcg_gen_and_tl(s->T0, s->T0, s->T1);
+     tcg_gen_mov_tl(cpu_cc_dst, s->T0);
+@@ -1121,6 +1122,7 @@ static void gen_BLSMSK(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode
+ {
+     MemOp ot = decode->op[0].ot;
+ 
++    tcg_gen_mov_tl(cpu_cc_src, s->T0);
+     tcg_gen_subi_tl(s->T1, s->T0, 1);
+     tcg_gen_xor_tl(s->T0, s->T0, s->T1);
+     tcg_gen_mov_tl(cpu_cc_dst, s->T0);
+@@ -1131,6 +1133,7 @@ static void gen_BLSR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+ {
+     MemOp ot = decode->op[0].ot;
+ 
++    tcg_gen_mov_tl(cpu_cc_src, s->T0);
+     tcg_gen_subi_tl(s->T1, s->T0, 1);
+     tcg_gen_and_tl(s->T0, s->T0, s->T1);
+     tcg_gen_mov_tl(cpu_cc_dst, s->T0);
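Review bot: none of the three added tcg_gen_mov_tl(cpu_cc_src, s->T0) lines in gen_BLSI, gen_BLSMSK and gen_BLSR is covered by a test; the diffstat lists emit.c.inc only. Because the bug was a wrong C flag rather than a wrong result, add cases to tests/tcg/i386/test-i386-bmi2.c that read CF after each instruction for a zero and a non-zero source. A short comment that the copy must stay ahead of the operation that overwrites s->T0 would help as well.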
+-- 
+2.30.2
+
diff -Nru qemu-7.2+dfsg/debian/patches/master/tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch qemu-7.2+dfsg/debian/patches/master/tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch
--- qemu-7.2+dfsg/debian/patches/master/tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,287 @@
+From 5d62d6649cd367b5b4a3676e7514d2f9ca86cb03 Mon Sep 17 00:00:00 2001
+From: Richard Henderson <richard.henderson@linaro.org>
+Date: Sat, 14 Jan 2023 13:05:41 -1000
+Subject: tests/tcg/i386: Introduce and use reg_t consistently
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Define reg_t based on the actual register width.
+Define the inlines using that type.  This will allow
+input registers to 32-bit insns to be set to 64-bit
+values on x86-64, which allows testing various edge cases.
+
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Message-Id: <20230114230542.3116013-2-richard.henderson@linaro.org>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ tests/tcg/i386/test-i386-bmi2.c | 182 ++++++++++++++++----------------
+ 1 file changed, 93 insertions(+), 89 deletions(-)
+
+diff --git a/tests/tcg/i386/test-i386-bmi2.c b/tests/tcg/i386/test-i386-bmi2.c
+index 5fadf47510..3c3ef85513 100644
+--- a/tests/tcg/i386/test-i386-bmi2.c
++++ b/tests/tcg/i386/test-i386-bmi2.c
+@@ -3,34 +3,40 @@
+ #include <stdint.h>
+ #include <stdio.h>
+ 
++#ifdef __x86_64
++typedef uint64_t reg_t;
++#else
++typedef uint32_t reg_t;
++#endif
++
+ #define insn1q(name, arg0)                                                           \
+-static inline uint64_t name##q(uint64_t arg0)                                        \
++static inline reg_t name##q(reg_t arg0)                                              \
+ {                                                                                    \
+-    uint64_t result64;                                                               \
++    reg_t result64;                                                                  \
+     asm volatile (#name "q   %1, %0" : "=r"(result64) : "rm"(arg0));                 \
+     return result64;                                                                 \
+ }
+ 
+ #define insn1l(name, arg0)                                                           \
+-static inline uint32_t name##l(uint32_t arg0)                                        \
++static inline reg_t name##l(reg_t arg0)                                              \
+ {                                                                                    \
+-    uint32_t result32;                                                               \
++    reg_t result32;                                                                  \
+     asm volatile (#name "l   %k1, %k0" : "=r"(result32) : "rm"(arg0));               \
+     return result32;                                                                 \
+ }
+ 
+ #define insn2q(name, arg0, c0, arg1, c1)                                             \
+-static inline uint64_t name##q(uint64_t arg0, uint64_t arg1)                         \
++static inline reg_t name##q(reg_t arg0, reg_t arg1)                                  \
+ {                                                                                    \
+-    uint64_t result64;                                                               \
++    reg_t result64;                                                                  \
+     asm volatile (#name "q   %2, %1, %0" : "=r"(result64) : c0(arg0), c1(arg1));     \
+     return result64;                                                                 \
+ }
+ 
+ #define insn2l(name, arg0, c0, arg1, c1)                                             \
+-static inline uint32_t name##l(uint32_t arg0, uint32_t arg1)                         \
++static inline reg_t name##l(reg_t arg0, reg_t arg1)                                  \
+ {                                                                                    \
+-    uint32_t result32;                                                               \
++    reg_t result32;                                                                  \
+     asm volatile (#name "l   %k2, %k1, %k0" : "=r"(result32) : c0(arg0), c1(arg1));  \
+     return result32;                                                                 \
+ }
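Review bot: in insn1l and insn2l the local is now a reg_t but is still named result32 and is written through %k0, so on x86-64 the upper half of the returned value depends on the 32-bit destination write zero-extending into the full register. Rename result32/result64 to a width-neutral name and add a one-line comment on the l variants stating that reliance, since the tests built on this type compare the whole reg_t.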
+@@ -65,130 +71,128 @@ insn1l(blsr, src)
+ int main(int argc, char *argv[]) {
+     uint64_t ehlo = 0x202020204f4c4845ull;
+     uint64_t mask = 0xa080800302020001ull;
+-    uint32_t result32;
++    reg_t result;
+ 
+ #ifdef __x86_64
+-    uint64_t result64;
+-
+     /* 64 bits */
+-    result64 = andnq(mask, ehlo);
+-    assert(result64 == 0x002020204d4c4844);
++    result = andnq(mask, ehlo);
++    assert(result == 0x002020204d4c4844);
+ 
+-    result64 = pextq(ehlo, mask);
+-    assert(result64 == 133);
++    result = pextq(ehlo, mask);
++    assert(result == 133);
+ 
+-    result64 = pdepq(result64, mask);
+-    assert(result64 == (ehlo & mask));
++    result = pdepq(result, mask);
++    assert(result == (ehlo & mask));
+ 
+-    result64 = pextq(-1ull, mask);
+-    assert(result64 == 511); /* mask has 9 bits set */
++    result = pextq(-1ull, mask);
++    assert(result == 511); /* mask has 9 bits set */
+ 
+-    result64 = pdepq(-1ull, mask);
+-    assert(result64 == mask);
++    result = pdepq(-1ull, mask);
++    assert(result == mask);
+ 
+-    result64 = bextrq(mask, 0x3f00);
+-    assert(result64 == (mask & ~INT64_MIN));
++    result = bextrq(mask, 0x3f00);
++    assert(result == (mask & ~INT64_MIN));
+ 
+-    result64 = bextrq(mask, 0x1038);
+-    assert(result64 == 0xa0);
++    result = bextrq(mask, 0x1038);
++    assert(result == 0xa0);
+ 
+-    result64 = bextrq(mask, 0x10f8);
+-    assert(result64 == 0);
++    result = bextrq(mask, 0x10f8);
++    assert(result == 0);
+ 
+-    result64 = blsiq(0x30);
+-    assert(result64 == 0x10);
++    result = blsiq(0x30);
++    assert(result == 0x10);
+ 
+-    result64 = blsiq(0x30ull << 32);
+-    assert(result64 == 0x10ull << 32);
++    result = blsiq(0x30ull << 32);
++    assert(result == 0x10ull << 32);
+ 
+-    result64 = blsmskq(0x30);
+-    assert(result64 == 0x1f);
++    result = blsmskq(0x30);
++    assert(result == 0x1f);
+ 
+-    result64 = blsrq(0x30);
+-    assert(result64 == 0x20);
++    result = blsrq(0x30);
++    assert(result == 0x20);
+ 
+-    result64 = blsrq(0x30ull << 32);
+-    assert(result64 == 0x20ull << 32);
++    result = blsrq(0x30ull << 32);
++    assert(result == 0x20ull << 32);
+ 
+-    result64 = bzhiq(mask, 0x3f);
+-    assert(result64 == (mask & ~INT64_MIN));
++    result = bzhiq(mask, 0x3f);
++    assert(result == (mask & ~INT64_MIN));
+ 
+-    result64 = bzhiq(mask, 0x1f);
+-    assert(result64 == (mask & ~(-1 << 30)));
++    result = bzhiq(mask, 0x1f);
++    assert(result == (mask & ~(-1 << 30)));
+ 
+-    result64 = rorxq(0x2132435465768798, 8);
+-    assert(result64 == 0x9821324354657687);
++    result = rorxq(0x2132435465768798, 8);
++    assert(result == 0x9821324354657687);
+ 
+-    result64 = sarxq(0xffeeddccbbaa9988, 8);
+-    assert(result64 == 0xffffeeddccbbaa99);
++    result = sarxq(0xffeeddccbbaa9988, 8);
++    assert(result == 0xffffeeddccbbaa99);
+ 
+-    result64 = sarxq(0x77eeddccbbaa9988, 8 | 64);
+-    assert(result64 == 0x0077eeddccbbaa99);
++    result = sarxq(0x77eeddccbbaa9988, 8 | 64);
++    assert(result == 0x0077eeddccbbaa99);
+ 
+-    result64 = shrxq(0xffeeddccbbaa9988, 8);
+-    assert(result64 == 0x00ffeeddccbbaa99);
++    result = shrxq(0xffeeddccbbaa9988, 8);
++    assert(result == 0x00ffeeddccbbaa99);
+ 
+-    result64 = shrxq(0x77eeddccbbaa9988, 8 | 192);
+-    assert(result64 == 0x0077eeddccbbaa99);
++    result = shrxq(0x77eeddccbbaa9988, 8 | 192);
++    assert(result == 0x0077eeddccbbaa99);
+ 
+-    result64 = shlxq(0xffeeddccbbaa9988, 8);
+-    assert(result64 == 0xeeddccbbaa998800);
++    result = shlxq(0xffeeddccbbaa9988, 8);
++    assert(result == 0xeeddccbbaa998800);
+ #endif
+ 
+     /* 32 bits */
+-    result32 = andnl(mask, ehlo);
+-    assert(result32 == 0x04d4c4844);
++    result = andnl(mask, ehlo);
++    assert(result == 0x04d4c4844);
+ 
+-    result32 = pextl((uint32_t) ehlo, mask);
+-    assert(result32 == 5);
++    result = pextl((uint32_t) ehlo, mask);
++    assert(result == 5);
+ 
+-    result32 = pdepl(result32, mask);
+-    assert(result32 == (uint32_t)(ehlo & mask));
++    result = pdepl(result, mask);
++    assert(result == (uint32_t)(ehlo & mask));
+ 
+-    result32 = pextl(-1u, mask);
+-    assert(result32 == 7); /* mask has 3 bits set */
++    result = pextl(-1u, mask);
++    assert(result == 7); /* mask has 3 bits set */
+ 
+-    result32 = pdepl(-1u, mask);
+-    assert(result32 == (uint32_t)mask);
++    result = pdepl(-1u, mask);
++    assert(result == (uint32_t)mask);
+ 
+-    result32 = bextrl(mask, 0x1f00);
+-    assert(result32 == (mask & ~INT32_MIN));
++    result = bextrl(mask, 0x1f00);
++    assert(result == (mask & ~INT32_MIN));
+ 
+-    result32 = bextrl(ehlo, 0x1018);
+-    assert(result32 == 0x4f);
++    result = bextrl(ehlo, 0x1018);
++    assert(result == 0x4f);
+ 
+-    result32 = bextrl(mask, 0x1038);
+-    assert(result32 == 0);
++    result = bextrl(mask, 0x1038);
++    assert(result == 0);
+ 
+-    result32 = blsil(0xffff);
+-    assert(result32 == 1);
++    result = blsil(0xffff);
++    assert(result == 1);
+ 
+-    result32 = blsmskl(0x300);
+-    assert(result32 == 0x1ff);
++    result = blsmskl(0x300);
++    assert(result == 0x1ff);
+ 
+-    result32 = blsrl(0xffc);
+-    assert(result32 == 0xff8);
++    result = blsrl(0xffc);
++    assert(result == 0xff8);
+ 
+-    result32 = bzhil(mask, 0xf);
+-    assert(result32 == 1);
++    result = bzhil(mask, 0xf);
++    assert(result == 1);
+ 
+-    result32 = rorxl(0x65768798, 8);
+-    assert(result32 == 0x98657687);
++    result = rorxl(0x65768798, 8);
++    assert(result == 0x98657687);
+ 
+-    result32 = sarxl(0xffeeddcc, 8);
+-    assert(result32 == 0xffffeedd);
++    result = sarxl(0xffeeddcc, 8);
++    assert(result == 0xffffeedd);
+ 
+-    result32 = sarxl(0x77eeddcc, 8 | 32);
+-    assert(result32 == 0x0077eedd);
++    result = sarxl(0x77eeddcc, 8 | 32);
++    assert(result == 0x0077eedd);
+ 
+-    result32 = shrxl(0xffeeddcc, 8);
+-    assert(result32 == 0x00ffeedd);
++    result = shrxl(0xffeeddcc, 8);
++    assert(result == 0x00ffeedd);
+ 
+-    result32 = shrxl(0x77eeddcc, 8 | 128);
+-    assert(result32 == 0x0077eedd);
++    result = shrxl(0x77eeddcc, 8 | 128);
++    assert(result == 0x0077eedd);
+ 
+-    result32 = shlxl(0xffeeddcc, 8);
+-    assert(result32 == 0xeeddcc00);
++    result = shlxl(0xffeeddcc, 8);
++    assert(result == 0xeeddcc00);
+ 
+     return 0;
+ }
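Review bot: the bzhiq(mask, 0x1f) assertion carried over in this hunk expects mask & ~(-1 << 30), which clears bit 30 as well, while an index of 0x1f keeps bits 0 through 30. It passes only because bit 30 of mask (0xa080800302020001) is zero. Use ~(-1ull << 31) as the expected mask, which also avoids left-shifting a negative int.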
+-- 
+2.30.2
+
diff -Nru qemu-7.2+dfsg/debian/patches/master/vdpa-stop-all-svq-on-device-deletion.patch qemu-7.2+dfsg/debian/patches/master/vdpa-stop-all-svq-on-device-deletion.patch
--- qemu-7.2+dfsg/debian/patches/master/vdpa-stop-all-svq-on-device-deletion.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/vdpa-stop-all-svq-on-device-deletion.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,74 @@
+From c2e5919101c4516bd98263b75bdca62533c9fb77 Mon Sep 17 00:00:00 2001
+From: Eugenio Pérez <eperezma@redhat.com>
+Date: Thu, 9 Feb 2023 18:00:04 +0100
+Subject: vdpa: stop all svq on device deletion
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Not stopping them leave the device in a bad state when virtio-net
+fronted device is unplugged with device_del monitor command.
+
+This is not triggable in regular poweroff or qemu forces shutdown
+because cleanup is called right after vhost_vdpa_dev_start(false).  But
+devices hot unplug does not call vdpa device cleanups.  This lead to all
+the vhost_vdpa devices without stop the SVQ but the last.
+
+Fix it and clean the code, making it symmetric with
+vhost_vdpa_svqs_start.
+
+Fixes: dff4426fa656 ("vhost: Add Shadow VirtQueue kick forwarding capabilities")
+Reported-by: Lei Yang <leiyang@redhat.com>
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Message-Id: <20230209170004.899472-1-eperezma@redhat.com>
+Tested-by: Laurent Vivier <lvivier@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit 2e1a9de96b487cf818a22d681cad8d3f5d18dcca)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+---
+ hw/virtio/vhost-vdpa.c | 17 ++---------------
+ 1 file changed, 2 insertions(+), 15 deletions(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index 7468e44b87..03c78d25d8 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -707,26 +707,11 @@ static int vhost_vdpa_get_device_id(struct vhost_dev *dev,
+     return ret;
+ }
+ 
+-static void vhost_vdpa_reset_svq(struct vhost_vdpa *v)
+-{
+-    if (!v->shadow_vqs_enabled) {
+-        return;
+-    }
+-
+-    for (unsigned i = 0; i < v->shadow_vqs->len; ++i) {
+-        VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, i);
+-        vhost_svq_stop(svq);
+-    }
+-}
+-
+ static int vhost_vdpa_reset_device(struct vhost_dev *dev)
+ {
+-    struct vhost_vdpa *v = dev->opaque;
+     int ret;
+     uint8_t status = 0;
+ 
+-    vhost_vdpa_reset_svq(v);
+-
+     ret = vhost_vdpa_call(dev, VHOST_VDPA_SET_STATUS, &status);
+     trace_vhost_vdpa_reset_device(dev, status);
+     return ret;
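Review bot: with vhost_vdpa_reset_svq() and its call removed, vhost_vdpa_reset_device() no longer stops any shadow virtqueue, and the commit message explains the hot-unplug case but not why the reset path is safe without the stop. Please state which caller guarantees vhost_vdpa_svqs_stop() has already run before VHOST_VDPA_SET_STATUS is issued with status 0.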
+@@ -1088,6 +1073,8 @@ static void vhost_vdpa_svqs_stop(struct vhost_dev *dev)
+ 
+     for (unsigned i = 0; i < v->shadow_vqs->len; ++i) {
+         VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, i);
++
++        vhost_svq_stop(svq);
+         vhost_vdpa_svq_unmap_rings(dev, svq);
+     }
+ }
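Review bot: the helper deleted in the previous hunk returned early on !v->shadow_vqs_enabled, and the context shown for vhost_vdpa_svqs_stop() starts at the loop, so it is not visible that an equivalent guard protects the v->shadow_vqs->len access here. Confirm the guard exists ahead of this loop, and consider a comment that vhost_svq_stop() has to precede vhost_vdpa_svq_unmap_rings().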
+-- 
+2.30.2
+
diff -Nru qemu-7.2+dfsg/debian/patches/master/vhost-avoid-a-potential-use-of-an-uninitialized-vari.patch qemu-7.2+dfsg/debian/patches/master/vhost-avoid-a-potential-use-of-an-uninitialized-vari.patch
--- qemu-7.2+dfsg/debian/patches/master/vhost-avoid-a-potential-use-of-an-uninitialized-vari.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/vhost-avoid-a-potential-use-of-an-uninitialized-vari.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,132 @@
+From e4dd39c699b7d63a06f686ec06ded8adbee989c1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Carlos=20L=C3=B3pez?= <clopez@suse.de>
+Date: Mon, 13 Feb 2023 09:57:47 +0100
+Subject: vhost: avoid a potential use of an uninitialized variable in vhost_svq_poll()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In vhost_svq_poll(), if vhost_svq_get_buf() fails due to a device
+providing invalid descriptors, len is left uninitialized and returned
+to the caller, potentally leaking stack data or causing undefined
+behavior.
+
+Fix this by initializing len to 0.
+
+Found with GCC 13 and -fanalyzer (abridged):
+
+../hw/virtio/vhost-shadow-virtqueue.c: In function ‘vhost_svq_poll’:
+../hw/virtio/vhost-shadow-virtqueue.c:538:12: warning: use of uninitialized value ‘len’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
+  538 |     return len;
+      |            ^~~
+  ‘vhost_svq_poll’: events 1-4
+    |
+    |  522 | size_t vhost_svq_poll(VhostShadowVirtqueue *svq)
+    |      |        ^~~~~~~~~~~~~~
+    |      |        |
+    |      |        (1) entry to ‘vhost_svq_poll’
+    |......
+    |  525 |     uint32_t len;
+    |      |              ~~~
+    |      |              |
+    |      |              (2) region created on stack here
+    |      |              (3) capacity: 4 bytes
+    |......
+    |  528 |         if (vhost_svq_more_used(svq)) {
+    |      |             ~
+    |      |             |
+    |      |             (4) inlined call to ‘vhost_svq_more_used’ from ‘vhost_svq_poll’
+
+    (...)
+
+    |  528 |         if (vhost_svq_more_used(svq)) {
+    |      |            ^~~~~~~~~~~~~~~~~~~~~~~~~
+    |      |            ||
+    |      |            |(8) ...to here
+    |      |            (7) following ‘true’ branch...
+    |......
+    |  537 |     vhost_svq_get_buf(svq, &len);
+    |      |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    |      |     |
+    |      |     (9) calling ‘vhost_svq_get_buf’ from ‘vhost_svq_poll’
+    |
+    +--> ‘vhost_svq_get_buf’: events 10-11
+           |
+           |  416 | static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+           |      |                          ^~~~~~~~~~~~~~~~~
+           |      |                          |
+           |      |                          (10) entry to ‘vhost_svq_get_buf’
+           |......
+           |  423 |     if (!vhost_svq_more_used(svq)) {
+           |      |          ~
+           |      |          |
+           |      |          (11) inlined call to ‘vhost_svq_more_used’ from ‘vhost_svq_get_buf’
+           |
+
+           (...)
+
+           |
+         ‘vhost_svq_get_buf’: event 14
+           |
+           |  423 |     if (!vhost_svq_more_used(svq)) {
+           |      |        ^
+           |      |        |
+           |      |        (14) following ‘false’ branch...
+           |
+         ‘vhost_svq_get_buf’: event 15
+           |
+           |cc1:
+           | (15): ...to here
+           |
+    <------+
+    |
+  ‘vhost_svq_poll’: events 16-17
+    |
+    |  537 |     vhost_svq_get_buf(svq, &len);
+    |      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    |      |     |
+    |      |     (16) returning to ‘vhost_svq_poll’ from ‘vhost_svq_get_buf’
+    |  538 |     return len;
+    |      |            ~~~
+    |      |            |
+    |      |            (17) use of uninitialized value ‘len’ here
+
+Note by  Laurent Vivier <lvivier@redhat.com>:
+
+    The return value is only used to detect an error:
+
+    vhost_svq_poll
+        vhost_vdpa_net_cvq_add
+            vhost_vdpa_net_load_cmd
+                vhost_vdpa_net_load_mac
+                  -> a negative return is only used to detect error
+                vhost_vdpa_net_load_mq
+                  -> a negative return is only used to detect error
+            vhost_vdpa_net_handle_ctrl_avail
+              -> a negative return is only used to detect error
+
+Fixes: d368c0b052ad ("vhost: Do not depend on !NULL VirtQueueElement on vhost_svq_flush")
+Signed-off-by: Carlos López <clopez@suse.de>
+Message-Id: <20230213085747.19956-1-clopez@suse.de>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 4307296358..515ccf870d 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -522,7 +522,7 @@ static void vhost_svq_flush(VhostShadowVirtqueue *svq,
+ size_t vhost_svq_poll(VhostShadowVirtqueue *svq)
+ {
+     int64_t start_us = g_get_monotonic_time();
+-    uint32_t len;
++    uint32_t len = 0;
+ 
+     do {
+         if (vhost_svq_more_used(svq)) {
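Review bot: initializing len to 0 removes the uninitialized read, but the return value of vhost_svq_get_buf(svq, &len) is still ignored (line 537 in the analyzer trace), so a failed fetch now returns 0 and cannot be told apart from a zero-length completion. The quoted note says callers only look for a negative return, yet vhost_svq_poll() returns size_t. Either check the vhost_svq_get_buf() result here, or document in a comment that 0 is the value callers must treat as failure.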
+-- 
+2.30.2
+
diff -Nru qemu-7.2+dfsg/debian/patches/master/vhost-user-gpio-Configure-vhost_dev-when-connecting.patch qemu-7.2+dfsg/debian/patches/master/vhost-user-gpio-Configure-vhost_dev-when-connecting.patch
--- qemu-7.2+dfsg/debian/patches/master/vhost-user-gpio-Configure-vhost_dev-when-connecting.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/vhost-user-gpio-Configure-vhost_dev-when-connecting.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,88 @@
+From daae36c13abc73cf1055abc2d33cb71cc5d34310 Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki <akihiko.odaki@daynix.com>
+Date: Mon, 30 Jan 2023 23:03:20 +0900
+Subject: vhost-user-gpio: Configure vhost_dev when connecting
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+vhost_dev_cleanup(), called from vu_gpio_disconnect(), clears vhost_dev
+so vhost-user-gpio must set the members of vhost_dev each time
+connecting.
+
+do_vhost_user_cleanup() should also acquire the pointer to vqs directly
+from VHostUserGPIO instead of referring to vhost_dev as it can be called
+after vhost_dev_cleanup().
+
+Fixes: 27ba7b027f ("hw/virtio: add boilerplate for vhost-user-gpio device")
+Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+Message-Id: <20230130140320.77999-1-akihiko.odaki@daynix.com>
+Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/virtio/vhost-user-gpio.c         | 10 ++++++----
+ include/hw/virtio/vhost-user-gpio.h |  2 +-
+ 2 files changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/hw/virtio/vhost-user-gpio.c b/hw/virtio/vhost-user-gpio.c
+index fe3da32c74..d6927b610a 100644
+--- a/hw/virtio/vhost-user-gpio.c
++++ b/hw/virtio/vhost-user-gpio.c
+@@ -16,6 +16,7 @@
+ #include "trace.h"
+ 
+ #define REALIZE_CONNECTION_RETRIES 3
++#define VHOST_NVQS 2
+ 
+ /* Features required from VirtIO */
+ static const int feature_bits[] = {
+@@ -208,8 +209,7 @@ static void do_vhost_user_cleanup(VirtIODevice *vdev, VHostUserGPIO *gpio)
+ {
+     virtio_delete_queue(gpio->command_vq);
+     virtio_delete_queue(gpio->interrupt_vq);
+-    g_free(gpio->vhost_dev.vqs);
+-    gpio->vhost_dev.vqs = NULL;
++    g_free(gpio->vhost_vqs);
+     virtio_cleanup(vdev);
+     vhost_user_cleanup(&gpio->vhost_user);
+ }
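Review bot: g_free(gpio->vhost_vqs) in do_vhost_user_cleanup() leaves the pointer dangling, whereas the removed lines reset vhost_dev.vqs to NULL after freeing. Since vu_gpio_connect() now copies gpio->vhost_vqs into vhost_dev.vqs on every connect, a connect or a second cleanup after this point would reuse freed memory. Clear it with g_clear_pointer(&gpio->vhost_vqs, g_free) or an explicit NULL assignment.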
+@@ -229,6 +229,9 @@ static int vu_gpio_connect(DeviceState *dev, Error **errp)
+     vhost_dev_set_config_notifier(vhost_dev, &gpio_ops);
+     gpio->vhost_user.supports_config = true;
+ 
++    gpio->vhost_dev.nvqs = VHOST_NVQS;
++    gpio->vhost_dev.vqs = gpio->vhost_vqs;
++
+     ret = vhost_dev_init(vhost_dev, &gpio->vhost_user,
+                          VHOST_BACKEND_TYPE_USER, 0, errp);
+     if (ret < 0) {
+@@ -347,10 +350,9 @@ static void vu_gpio_device_realize(DeviceState *dev, Error **errp)
+ 
+     virtio_init(vdev, VIRTIO_ID_GPIO, sizeof(gpio->config));
+ 
+-    gpio->vhost_dev.nvqs = 2;
+     gpio->command_vq = virtio_add_queue(vdev, 256, vu_gpio_handle_output);
+     gpio->interrupt_vq = virtio_add_queue(vdev, 256, vu_gpio_handle_output);
+-    gpio->vhost_dev.vqs = g_new0(struct vhost_virtqueue, gpio->vhost_dev.nvqs);
++    gpio->vhost_vqs = g_new0(struct vhost_virtqueue, VHOST_NVQS);
+ 
+     gpio->connected = false;
+ 
+diff --git a/include/hw/virtio/vhost-user-gpio.h b/include/hw/virtio/vhost-user-gpio.h
+index a9305c5e6c..a9d3f9b049 100644
+--- a/include/hw/virtio/vhost-user-gpio.h
++++ b/include/hw/virtio/vhost-user-gpio.h
+@@ -23,7 +23,7 @@ struct VHostUserGPIO {
+     VirtIODevice parent_obj;
+     CharBackend chardev;
+     struct virtio_gpio_config config;
+-    struct vhost_virtqueue *vhost_vq;
++    struct vhost_virtqueue *vhost_vqs;
+     struct vhost_dev vhost_dev;
+     VhostUserState vhost_user;
+     VirtQueue *command_vq;
+-- 
+2.30.2
+
diff -Nru qemu-7.2+dfsg/debian/patches/master/vhost-user-i2c-Back-up-vqs-before-cleaning-up-vhost_.patch qemu-7.2+dfsg/debian/patches/master/vhost-user-i2c-Back-up-vqs-before-cleaning-up-vhost_.patch
--- qemu-7.2+dfsg/debian/patches/master/vhost-user-i2c-Back-up-vqs-before-cleaning-up-vhost_.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/vhost-user-i2c-Back-up-vqs-before-cleaning-up-vhost_.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,54 @@
+From 0126793bee853e7c134627f51d2de5428a612e99 Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki <akihiko.odaki@daynix.com>
+Date: Mon, 30 Jan 2023 23:04:35 +0900
+Subject: vhost-user-i2c: Back up vqs before cleaning up vhost_dev
+
+vhost_dev_cleanup() clears vhost_dev so back up its vqs member to free
+the memory pointed by the member.
+
+Fixes: 7221d3b634 ("hw/virtio: add boilerplate for vhost-user-i2c device")
+Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+Message-Id: <20230130140435.78049-1-akihiko.odaki@daynix.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/virtio/vhost-user-i2c.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/vhost-user-i2c.c b/hw/virtio/vhost-user-i2c.c
+index dc5c828ba6..60eaf0d95b 100644
+--- a/hw/virtio/vhost-user-i2c.c
++++ b/hw/virtio/vhost-user-i2c.c
+@@ -143,8 +143,6 @@ static void do_vhost_user_cleanup(VirtIODevice *vdev, VHostUserI2C *i2c)
+     vhost_user_cleanup(&i2c->vhost_user);
+     virtio_delete_queue(i2c->vq);
+     virtio_cleanup(vdev);
+-    g_free(i2c->vhost_dev.vqs);
+-    i2c->vhost_dev.vqs = NULL;
+ }
+ 
+ static int vu_i2c_connect(DeviceState *dev)
+@@ -228,6 +226,7 @@ static void vu_i2c_device_realize(DeviceState *dev, Error **errp)
+     ret = vhost_dev_init(&i2c->vhost_dev, &i2c->vhost_user,
+                          VHOST_BACKEND_TYPE_USER, 0, errp);
+     if (ret < 0) {
++        g_free(i2c->vhost_dev.vqs);
+         do_vhost_user_cleanup(vdev, i2c);
+     }
+ 
+@@ -239,10 +238,12 @@ static void vu_i2c_device_unrealize(DeviceState *dev)
+ {
+     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
+     VHostUserI2C *i2c = VHOST_USER_I2C(dev);
++    struct vhost_virtqueue *vhost_vqs = i2c->vhost_dev.vqs;
+ 
+     /* This will stop vhost backend if appropriate. */
+     vu_i2c_set_status(vdev, 0);
+     vhost_dev_cleanup(&i2c->vhost_dev);
++    g_free(vhost_vqs);
+     do_vhost_user_cleanup(vdev, i2c);
+ }
+ 
+-- 
+2.30.2
+
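Review bot: in the vu_i2c_device_realize() hunk, the new g_free(i2c->vhost_dev.vqs) on the ret < 0 path leaves the freed pointer in the struct, and this patch also deletes the i2c->vhost_dev.vqs = NULL assignment that do_vhost_user_cleanup() used to perform, so nothing clears it afterwards. If unrealize can still run after a failed realize, it will copy that stale pointer into vhost_vqs and free it a second time. Clearing at the free site, for example g_clear_pointer(&i2c->vhost_dev.vqs, g_free), closes that off. A one-line comment on vhost_vqs in the unrealize hunk, saying that vhost_dev_cleanup() clears vhost_dev, would also stop a later cleanup from reordering the two calls.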
diff -Nru qemu-7.2+dfsg/debian/patches/master/vhost-user-rng-Back-up-vqs-before-cleaning-up-vhost_.patch qemu-7.2+dfsg/debian/patches/master/vhost-user-rng-Back-up-vqs-before-cleaning-up-vhost_.patch
--- qemu-7.2+dfsg/debian/patches/master/vhost-user-rng-Back-up-vqs-before-cleaning-up-vhost_.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/vhost-user-rng-Back-up-vqs-before-cleaning-up-vhost_.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,47 @@
+From f0dac71596d4b87a1a77d1f4efb6a6adb4730d7b Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki <akihiko.odaki@daynix.com>
+Date: Mon, 30 Jan 2023 23:05:16 +0900
+Subject: vhost-user-rng: Back up vqs before cleaning up vhost_dev
+
+vhost_dev_cleanup() clears vhost_dev so back up its vqs member to free
+the memory pointed by the member.
+
+Fixes: 821d28b88f ("vhost-user-rng: Add vhost-user-rng implementation")
+Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+Message-Id: <20230130140516.78078-1-akihiko.odaki@daynix.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/virtio/vhost-user-rng.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/vhost-user-rng.c b/hw/virtio/vhost-user-rng.c
+index 201a39e220..efc54cd3fb 100644
+--- a/hw/virtio/vhost-user-rng.c
++++ b/hw/virtio/vhost-user-rng.c
+@@ -229,6 +229,7 @@ static void vu_rng_device_realize(DeviceState *dev, Error **errp)
+     return;
+ 
+ vhost_dev_init_failed:
++    g_free(rng->vhost_dev.vqs);
+     virtio_delete_queue(rng->req_vq);
+ virtio_add_queue_failed:
+     virtio_cleanup(vdev);
+@@ -239,12 +240,12 @@ static void vu_rng_device_unrealize(DeviceState *dev)
+ {
+     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
+     VHostUserRNG *rng = VHOST_USER_RNG(dev);
++    struct vhost_virtqueue *vhost_vqs = rng->vhost_dev.vqs;
+ 
+     vu_rng_set_status(vdev, 0);
+ 
+     vhost_dev_cleanup(&rng->vhost_dev);
+-    g_free(rng->vhost_dev.vqs);
+-    rng->vhost_dev.vqs = NULL;
++    g_free(vhost_vqs);
+     virtio_delete_queue(rng->req_vq);
+     virtio_cleanup(vdev);
+     vhost_user_cleanup(&rng->vhost_user);
+-- 
+2.30.2
+
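Review bot: the vhost_dev_init_failed label frees rng->vhost_dev.vqs by reading the field after vhost_dev_init() has already failed, while vu_rng_device_unrealize() in the same patch has to save the pointer first because vhost_dev_cleanup() clears the struct. If the init failure path clears the struct as well, this g_free() receives NULL and the array leaks. Holding the allocation in a local variable in realize and freeing that local at the label would be correct in both cases and would match the pattern used in unrealize.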
diff -Nru qemu-7.2+dfsg/debian/patches/master/virtio-rng-pci-fix-migration-compat-for-vectors.patch qemu-7.2+dfsg/debian/patches/master/virtio-rng-pci-fix-migration-compat-for-vectors.patch
--- qemu-7.2+dfsg/debian/patches/master/virtio-rng-pci-fix-migration-compat-for-vectors.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/virtio-rng-pci-fix-migration-compat-for-vectors.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,52 @@
+From bad9c5a5166fd5e3a892b7b0477cf2f4bd3a959a Mon Sep 17 00:00:00 2001
+From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
+Date: Mon, 9 Jan 2023 10:58:09 +0000
+Subject: virtio-rng-pci: fix migration compat for vectors
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixup the migration compatibility for existing machine types
+so that they do not enable msi-x.
+
+Symptom:
+
+(qemu) qemu: get_pci_config_device: Bad config data: i=0x34 read: 84 device: 98 cmask: ff wmask: 0 w1cmask:0
+qemu: Failed to load PCIDevice:config
+qemu: Failed to load virtio-rng:virtio
+qemu: error while loading state for instance 0x0 of device '0000:00:03.0/virtio-rng'
+qemu: load of migration failed: Invalid argument
+
+Note: This fix will break migration from 7.2->7.2-fixed with this patch
+
+bz: https://bugzilla.redhat.com/show_bug.cgi?id=2155749
+Fixes: 9ea02e8f1 ("virtio-rng-pci: Allow setting nvectors, so we can use MSI-X")
+
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+Message-Id: <20230109105809.163975-1-dgilbert@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Acked-by: David Daney <david.daney@fungible.com>
+Fixes: 9ea02e8f1 (&quot;virtio-rng-pci: Allow setting nvectors, so we can use MSI-X&quot;)<br>
+Signed-off-by: Dr. David Alan Gilbert &lt;<a href="mailto:dgilbert@redhat.com"; target="_blank">dgilbert@redhat.com</a>&gt;<br>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+---
+ hw/core/machine.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/core/machine.c b/hw/core/machine.c
+index 616f3a207c..f7761baab5 100644
+--- a/hw/core/machine.c
++++ b/hw/core/machine.c
+@@ -46,6 +46,7 @@ const size_t hw_compat_7_2_len = G_N_ELEMENTS(hw_compat_7_2);
+ 
+ GlobalProperty hw_compat_7_1[] = {
+     { "virtio-device", "queue_reset", "false" },
++    { "virtio-rng-pci", "vectors", "0" },
+ };
+ const size_t hw_compat_7_1_len = G_N_ELEMENTS(hw_compat_7_1);
+ 
+-- 
+2.30.2
+
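Review bot: the commit message states that this fix breaks migration from an unfixed 7.2 to a fixed 7.2, which for a package update means guests started on the old binary with a pre-7.2 machine type and a virtio-rng-pci device cannot be live-migrated onto the new one; that should be called out in debian/changelog or NEWS so operators plan a cold restart for those guests. The added hw_compat_7_1 entry also names only "virtio-rng-pci", so the transitional and non-transitional type names stay uncovered until the follow-up patch, and the two must be applied together. The two trailers containing &quot;, &lt; and <br> are HTML-escaped duplicates of the Fixes and Signed-off-by lines above them and can confuse trailer parsers; worth dropping if the patch is ever refreshed.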
diff -Nru qemu-7.2+dfsg/debian/patches/master/virtio-rng-pci-fix-transitional-migration-compat-for.patch qemu-7.2+dfsg/debian/patches/master/virtio-rng-pci-fix-transitional-migration-compat-for.patch
--- qemu-7.2+dfsg/debian/patches/master/virtio-rng-pci-fix-transitional-migration-compat-for.patch	1970-01-01 03:00:00.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/master/virtio-rng-pci-fix-transitional-migration-compat-for.patch	2023-03-05 20:03:09.000000000 +0300
@@ -0,0 +1,36 @@
+From 62bdb8871512076841f4464f7e26efdc7783f78d Mon Sep 17 00:00:00 2001
+From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
+Date: Tue, 7 Feb 2023 17:49:44 +0000
+Subject: virtio-rng-pci: fix transitional migration compat for vectors
+
+In bad9c5a516 ("virtio-rng-pci: fix migration compat for vectors") I
+fixed the virtio-rng-pci migration compatibility, but it was discovered
+that we also need to fix the other aliases of the device for the
+transitional cases.
+
+Fixes: 9ea02e8f1 ('virtio-rng-pci: Allow setting nvectors, so we can use MSI-X')
+bz: https://bugzilla.redhat.com/show_bug.cgi?id=2162569
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+Message-Id: <20230207174944.138255-1-dgilbert@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/core/machine.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/hw/core/machine.c b/hw/core/machine.c
+index f29e700ee4..1cf6822e06 100644
+--- a/hw/core/machine.c
++++ b/hw/core/machine.c
+@@ -47,6 +47,8 @@ const size_t hw_compat_7_2_len = G_N_ELEMENTS(hw_compat_7_2);
+ GlobalProperty hw_compat_7_1[] = {
+     { "virtio-device", "queue_reset", "false" },
+     { "virtio-rng-pci", "vectors", "0" },
++    { "virtio-rng-pci-transitional", "vectors", "0" },
++    { "virtio-rng-pci-non-transitional", "vectors", "0" },
+ };
+ const size_t hw_compat_7_1_len = G_N_ELEMENTS(hw_compat_7_1);
+ 
+-- 
+2.30.2
+
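Review bot: the diffstat shows only hw/core/machine.c changing, so neither this patch nor the one it follows up adds a test that a 7.1 machine type creates the device with vectors=0 under all three type names. The alias gap fixed here is exactly what such a check would have caught, so a small qtest that instantiates virtio-rng-pci, virtio-rng-pci-transitional and virtio-rng-pci-non-transitional on an older machine type and reads back the vectors property would be a worthwhile addition.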
diff -Nru qemu-7.2+dfsg/debian/patches/series qemu-7.2+dfsg/debian/patches/series
--- qemu-7.2+dfsg/debian/patches/series	2023-02-20 18:34:24.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/series	2023-03-05 20:03:09.000000000 +0300
@@ -35,8 +35,28 @@
 master/migration-ram-Fix-populate_read_range.patch
 master/qcow2-Fix-theoretical-corruption-in-store_bitmap-err.patch
 master/block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch
-# bonzini pullreq "Misc patches for 2022-02-08"
-tests_tcg_i386-introduce-and-use-reg_t-consistently.patch
-target_i386-fix-BEXTR-instruction.patch
-target_i386-fix-C-flag-for-BLSI-BLSMSK-BLSR.patch
-target_i386-fix-ADOX-followed-by-ADCX.patch
+master/tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch
+master/target-i386-Fix-BEXTR-instruction.patch
+master/target-i386-Fix-C-flag-for-BLSI-BLSMSK-BLSR.patch
+master/target-i386-fix-ADOX-followed-by-ADCX.patch
+master/target-i386-Fix-BZHI-instruction.patch
+master/block-iscsi-fix-double-free-on-BUSY-or-similar-status.patch
+master/hw-smbios-fix-field-corruption-in-type-4-table.patch
+master/Revert-x86-do-not-re-randomize-RNG-seed-on-snapshot-.patch
+master/Revert-x86-re-initialize-RNG-seed-when-selecting-ker.patch
+master/Revert-x86-reinitialize-RNG-seed-on-system-reboot.patch
+master/Revert-x86-use-typedef-for-SetupData-struct.patch
+master/Revert-x86-return-modified-setup_data-only-if-read-a.patch
+master/Revert-hw-i386-pass-RNG-seed-via-setup_data-entry.patch
+master/vhost-user-gpio-Configure-vhost_dev-when-connecting.patch
+master/vhost-user-i2c-Back-up-vqs-before-cleaning-up-vhost_.patch
+master/vhost-user-rng-Back-up-vqs-before-cleaning-up-vhost_.patch
+master/virtio-rng-pci-fix-migration-compat-for-vectors.patch
+master/virtio-rng-pci-fix-transitional-migration-compat-for.patch
+master/hw-timer-hpet-Fix-expiration-time-overflow.patch
+master/vdpa-stop-all-svq-on-device-deletion.patch
+master/vhost-avoid-a-potential-use-of-an-uninitialized-vari.patch
+master/libvhost-user-check-for-NULL-when-allocating-a-virtq.patch
+master/chardev-char-socket-set-s-listener-NULL-in-char_sock.patch
+master/intel-iommu-fail-MAP-notifier-without-caching-mode.patch
+master/intel-iommu-fail-DEVIOTLB_UNMAP-without-dt-mode.patch
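Review bot: the removed "# bonzini pullreq" comment was the only provenance marker in this part of the series file and nothing replaces it, while the hunk mixes four renames into master/ with 21 new entries. A short comment above the master/ block, plus a separate one above the six Revert-x86-* and Revert-hw-i386-* entries since those back out earlier changes instead of fixing a bug in place, would keep the file auditable. The entries that name memory-safety fixes (iscsi double-free, uninitialized variable in vhost, NULL check in libvhost-user) are worth listing individually in the changelog so they can be found later.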
diff -Nru qemu-7.2+dfsg/debian/patches/target_i386-fix-ADOX-followed-by-ADCX.patch qemu-7.2+dfsg/debian/patches/target_i386-fix-ADOX-followed-by-ADCX.patch
--- qemu-7.2+dfsg/debian/patches/target_i386-fix-ADOX-followed-by-ADCX.patch	2023-02-10 13:30:16.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/target_i386-fix-ADOX-followed-by-ADCX.patch	1970-01-01 03:00:00.000000000 +0300
@@ -1,194 +0,0 @@
-From: Paolo Bonzini <pbonzini@redhat.com>
-Subject: target/i386: fix ADOX followed by ADCX
-Date: Wed,  8 Feb 2023 18:19:22 +0100
-Message-Id: <20230208171922.95048-12-pbonzini@redhat.com>
-
-When ADCX is followed by ADOX or vice versa, the second instruction's
-carry comes from EFLAGS and the condition codes use the CC_OP_ADCOX
-operation.  Retrieving the carry from EFLAGS is handled by this bit
-of gen_ADCOX:
-
-        tcg_gen_extract_tl(carry_in, cpu_cc_src,
-            ctz32(cc_op == CC_OP_ADCX ? CC_C : CC_O), 1);
-
-Unfortunately, in this case cc_op has been overwritten by the previous
-"if" statement to CC_OP_ADCOX.  This works by chance when the first
-instruction is ADCX; however, if the first instruction is ADOX,
-ADCX will incorrectly take its carry from OF instead of CF.
-
-Fix by moving the computation of the new cc_op at the end of the function.
-The included exhaustive test case fails without this patch and passes
-afterwards.
-
-Because ADCX/ADOX need not be invoked through the VEX prefix, this
-regression bisects to commit 16fc5726a6e2 ("target/i386: reimplement
-0x0f 0x38, add AVX", 2022-10-18).  However, the mistake happened a
-little earlier, when BMI instructions were rewritten using the new
-decoder framework.
-
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1471
-Reported-by: Paul Jolly <https://gitlab.com/myitcv>
-Fixes: 1d0b926150e5 ("target/i386: move scalar 0F 38 and 0F 3A instruction to new decoder", 2022-10-18)
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- target/i386/tcg/emit.c.inc       | 20 +++++----
- tests/tcg/i386/Makefile.target   |  6 ++-
- tests/tcg/i386/test-i386-adcox.c | 75 ++++++++++++++++++++++++++++++++
- 3 files changed, 91 insertions(+), 10 deletions(-)
- create mode 100644 tests/tcg/i386/test-i386-adcox.c
-
-diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
-index 4d7702c106bf..0d7c6e80ae87 100644
---- a/target/i386/tcg/emit.c.inc
-+++ b/target/i386/tcg/emit.c.inc
-@@ -1015,6 +1015,7 @@ VSIB_AVX(VPGATHERQ, vpgatherq)
- 
- static void gen_ADCOX(DisasContext *s, CPUX86State *env, MemOp ot, int cc_op)
- {
-+    int opposite_cc_op;
-     TCGv carry_in = NULL;
-     TCGv carry_out = (cc_op == CC_OP_ADCX ? cpu_cc_dst : cpu_cc_src2);
-     TCGv zero;
-@@ -1022,14 +1023,8 @@ static void gen_ADCOX(DisasContext *s, CPUX86State *env, MemOp ot, int cc_op)
-     if (cc_op == s->cc_op || s->cc_op == CC_OP_ADCOX) {
-         /* Re-use the carry-out from a previous round.  */
-         carry_in = carry_out;
--        cc_op = s->cc_op;
--    } else if (s->cc_op == CC_OP_ADCX || s->cc_op == CC_OP_ADOX) {
--        /* Merge with the carry-out from the opposite instruction.  */
--        cc_op = CC_OP_ADCOX;
--    }
--
--    /* If we don't have a carry-in, get it out of EFLAGS.  */
--    if (!carry_in) {
-+    } else {
-+        /* We don't have a carry-in, get it out of EFLAGS.  */
-         if (s->cc_op != CC_OP_ADCX && s->cc_op != CC_OP_ADOX) {
-             gen_compute_eflags(s);
-         }
-@@ -1053,7 +1048,14 @@ static void gen_ADCOX(DisasContext *s, CPUX86State *env, MemOp ot, int cc_op)
-         tcg_gen_add2_tl(s->T0, carry_out, s->T0, carry_out, s->T1, zero);
-         break;
-     }
--    set_cc_op(s, cc_op);
-+
-+    opposite_cc_op = cc_op == CC_OP_ADCX ? CC_OP_ADOX : CC_OP_ADCX;
-+    if (s->cc_op == CC_OP_ADCOX || s->cc_op == opposite_cc_op) {
-+        /* Merge with the carry-out from the opposite instruction.  */
-+        set_cc_op(s, CC_OP_ADCOX);
-+    } else {
-+        set_cc_op(s, cc_op);
-+    }
- }
- 
- static void gen_ADCX(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
-diff --git a/tests/tcg/i386/Makefile.target b/tests/tcg/i386/Makefile.target
-index 81831cafbce4..bafd8c2180fc 100644
---- a/tests/tcg/i386/Makefile.target
-+++ b/tests/tcg/i386/Makefile.target
-@@ -14,7 +14,7 @@ config-cc.mak: Makefile
- I386_SRCS=$(notdir $(wildcard $(I386_SRC)/*.c))
- ALL_X86_TESTS=$(I386_SRCS:.c=)
- SKIP_I386_TESTS=test-i386-ssse3 test-avx test-3dnow test-mmx
--X86_64_TESTS:=$(filter test-i386-bmi2 $(SKIP_I386_TESTS), $(ALL_X86_TESTS))
-+X86_64_TESTS:=$(filter test-i386-adcox test-i386-bmi2 $(SKIP_I386_TESTS), $(ALL_X86_TESTS))
- 
- test-i386-sse-exceptions: CFLAGS += -msse4.1 -mfpmath=sse
- run-test-i386-sse-exceptions: QEMU_OPTS += -cpu max
-@@ -28,6 +28,10 @@ test-i386-bmi2: CFLAGS=-O2
- run-test-i386-bmi2: QEMU_OPTS += -cpu max
- run-plugin-test-i386-bmi2-%: QEMU_OPTS += -cpu max
- 
-+test-i386-adcox: CFLAGS=-O2
-+run-test-i386-adcox: QEMU_OPTS += -cpu max
-+run-plugin-test-i386-adcox-%: QEMU_OPTS += -cpu max
-+
- #
- # hello-i386 is a barebones app
- #
-diff --git a/tests/tcg/i386/test-i386-adcox.c b/tests/tcg/i386/test-i386-adcox.c
-new file mode 100644
-index 000000000000..16169efff823
---- /dev/null
-+++ b/tests/tcg/i386/test-i386-adcox.c
-@@ -0,0 +1,75 @@
-+/* See if various BMI2 instructions give expected results */
-+#include <assert.h>
-+#include <stdint.h>
-+#include <stdio.h>
-+
-+#define CC_C 1
-+#define CC_O (1 << 11)
-+
-+#ifdef __x86_64__
-+#define REG uint64_t
-+#else
-+#define REG uint32_t
-+#endif
-+
-+void test_adox_adcx(uint32_t in_c, uint32_t in_o, REG adcx_operand, REG adox_operand)
-+{
-+    REG flags;
-+    REG out_adcx, out_adox;
-+
-+    asm("pushf; pop %0" : "=r"(flags));
-+    flags &= ~(CC_C | CC_O);
-+    flags |= (in_c ? CC_C : 0);
-+    flags |= (in_o ? CC_O : 0);
-+
-+    out_adcx = adcx_operand;
-+    out_adox = adox_operand;
-+    asm("push %0; popf;"
-+        "adox %3, %2;"
-+        "adcx %3, %1;"
-+        "pushf; pop %0"
-+        : "+r" (flags), "+r" (out_adcx), "+r" (out_adox)
-+        : "r" ((REG)-1), "0" (flags), "1" (out_adcx), "2" (out_adox));
-+
-+    assert(out_adcx == in_c + adcx_operand - 1);
-+    assert(out_adox == in_o + adox_operand - 1);
-+    assert(!!(flags & CC_C) == (in_c || adcx_operand));
-+    assert(!!(flags & CC_O) == (in_o || adox_operand));
-+}
-+
-+void test_adcx_adox(uint32_t in_c, uint32_t in_o, REG adcx_operand, REG adox_operand)
-+{
-+    REG flags;
-+    REG out_adcx, out_adox;
-+
-+    asm("pushf; pop %0" : "=r"(flags));
-+    flags &= ~(CC_C | CC_O);
-+    flags |= (in_c ? CC_C : 0);
-+    flags |= (in_o ? CC_O : 0);
-+
-+    out_adcx = adcx_operand;
-+    out_adox = adox_operand;
-+    asm("push %0; popf;"
-+        "adcx %3, %1;"
-+        "adox %3, %2;"
-+        "pushf; pop %0"
-+        : "+r" (flags), "+r" (out_adcx), "+r" (out_adox)
-+        : "r" ((REG)-1), "0" (flags), "1" (out_adcx), "2" (out_adox));
-+
-+    assert(out_adcx == in_c + adcx_operand - 1);
-+    assert(out_adox == in_o + adox_operand - 1);
-+    assert(!!(flags & CC_C) == (in_c || adcx_operand));
-+    assert(!!(flags & CC_O) == (in_o || adox_operand));
-+}
-+
-+int main(int argc, char *argv[]) {
-+    /* try all combinations of input CF, input OF, CF from op1+op2,  OF from op2+op1 */
-+    int i;
-+    for (i = 0; i <= 15; i++) {
-+        printf("%d\n", i);
-+        test_adcx_adox(!!(i & 1), !!(i & 2), !!(i & 4), !!(i & 8));
-+        test_adox_adcx(!!(i & 1), !!(i & 2), !!(i & 4), !!(i & 8));
-+    }
-+    return 0;
-+}
-+
--- 
-2.39.1
-
-
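Review bot: this deletion is behaviour-neutral only if master/target-i386-fix-ADOX-followed-by-ADCX.patch, which replaces it in series, carries all three files from the diffstat here, including the new tests/tcg/i386/test-i386-adcox.c and the Makefile.target change that adds it to X86_64_TESTS. Diffing the two patch bodies with the mail headers ignored is a cheap check before upload. If the test file is unchanged in the replacement, its opening comment still says it exercises BMI2 instructions although it tests ADCX and ADOX, which is worth correcting upstream.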
diff -Nru qemu-7.2+dfsg/debian/patches/target_i386-fix-BEXTR-instruction.patch qemu-7.2+dfsg/debian/patches/target_i386-fix-BEXTR-instruction.patch
--- qemu-7.2+dfsg/debian/patches/target_i386-fix-BEXTR-instruction.patch	2023-02-10 13:30:16.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/target_i386-fix-BEXTR-instruction.patch	1970-01-01 03:00:00.000000000 +0300
@@ -1,99 +0,0 @@
-From: Richard Henderson <richard.henderson@linaro.org>
-Subject: target/i386: Fix BEXTR instruction
-Date: Wed,  8 Feb 2023 18:19:20 +0100
-Message-Id: <20230208171922.95048-10-pbonzini@redhat.com>
-
-There were two problems here: not limiting the input to operand bits,
-and not correctly handling large extraction length.
-
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1372
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-Id: <20230114230542.3116013-3-richard.henderson@linaro.org>
-Cc: qemu-stable@nongnu.org
-Fixes: 1d0b926150e5 ("target/i386: move scalar 0F 38 and 0F 3A instruction to new decoder", 2022-10-18)
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- target/i386/tcg/emit.c.inc      | 22 +++++++++++-----------
- tests/tcg/i386/test-i386-bmi2.c | 12 ++++++++++++
- 2 files changed, 23 insertions(+), 11 deletions(-)
-
-diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
-index 7037ff91c612..99f6ba6e19a2 100644
---- a/target/i386/tcg/emit.c.inc
-+++ b/target/i386/tcg/emit.c.inc
-@@ -1078,30 +1078,30 @@ static void gen_ANDN(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
- static void gen_BEXTR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
- {
-     MemOp ot = decode->op[0].ot;
--    TCGv bound, zero;
-+    TCGv bound = tcg_constant_tl(ot == MO_64 ? 63 : 31);
-+    TCGv zero = tcg_constant_tl(0);
-+    TCGv mone = tcg_constant_tl(-1);
- 
-     /*
-      * Extract START, and shift the operand.
-      * Shifts larger than operand size get zeros.
-      */
-     tcg_gen_ext8u_tl(s->A0, s->T1);
-+    if (TARGET_LONG_BITS == 64 && ot == MO_32) {
-+        tcg_gen_ext32u_tl(s->T0, s->T0);
-+    }
-     tcg_gen_shr_tl(s->T0, s->T0, s->A0);
- 
--    bound = tcg_constant_tl(ot == MO_64 ? 63 : 31);
--    zero = tcg_constant_tl(0);
-     tcg_gen_movcond_tl(TCG_COND_LEU, s->T0, s->A0, bound, s->T0, zero);
- 
-     /*
--     * Extract the LEN into a mask.  Lengths larger than
--     * operand size get all ones.
-+     * Extract the LEN into an inverse mask.  Lengths larger than
-+     * operand size get all zeros, length 0 gets all ones.
-      */
-     tcg_gen_extract_tl(s->A0, s->T1, 8, 8);
--    tcg_gen_movcond_tl(TCG_COND_LEU, s->A0, s->A0, bound, s->A0, bound);
--
--    tcg_gen_movi_tl(s->T1, 1);
--    tcg_gen_shl_tl(s->T1, s->T1, s->A0);
--    tcg_gen_subi_tl(s->T1, s->T1, 1);
--    tcg_gen_and_tl(s->T0, s->T0, s->T1);
-+    tcg_gen_shl_tl(s->T1, mone, s->A0);
-+    tcg_gen_movcond_tl(TCG_COND_LEU, s->T1, s->A0, bound, s->T1, zero);
-+    tcg_gen_andc_tl(s->T0, s->T0, s->T1);
- 
-     gen_op_update1_cc(s);
-     set_cc_op(s, CC_OP_LOGICB + ot);
-diff --git a/tests/tcg/i386/test-i386-bmi2.c b/tests/tcg/i386/test-i386-bmi2.c
-index 3c3ef85513e1..982d4abda455 100644
---- a/tests/tcg/i386/test-i386-bmi2.c
-+++ b/tests/tcg/i386/test-i386-bmi2.c
-@@ -99,6 +99,9 @@ int main(int argc, char *argv[]) {
-     result = bextrq(mask, 0x10f8);
-     assert(result == 0);
- 
-+    result = bextrq(0xfedcba9876543210ull, 0x7f00);
-+    assert(result == 0xfedcba9876543210ull);
-+
-     result = blsiq(0x30);
-     assert(result == 0x10);
- 
-@@ -164,6 +167,15 @@ int main(int argc, char *argv[]) {
-     result = bextrl(mask, 0x1038);
-     assert(result == 0);
- 
-+    result = bextrl((reg_t)0x8f635a775ad3b9b4ull, 0x3018);
-+    assert(result == 0x5a);
-+
-+    result = bextrl((reg_t)0xfedcba9876543210ull, 0x7f00);
-+    assert(result == 0x76543210u);
-+
-+    result = bextrl(-1, 0);
-+    assert(result == 0);
-+
-     result = blsil(0xffff);
-     assert(result == 1);
- 
--- 
-2.39.1
-
-
diff -Nru qemu-7.2+dfsg/debian/patches/target_i386-fix-C-flag-for-BLSI-BLSMSK-BLSR.patch qemu-7.2+dfsg/debian/patches/target_i386-fix-C-flag-for-BLSI-BLSMSK-BLSR.patch
--- qemu-7.2+dfsg/debian/patches/target_i386-fix-C-flag-for-BLSI-BLSMSK-BLSR.patch	2023-02-10 13:30:16.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/target_i386-fix-C-flag-for-BLSI-BLSMSK-BLSR.patch	1970-01-01 03:00:00.000000000 +0300
@@ -1,48 +0,0 @@
-From: Richard Henderson <richard.henderson@linaro.org>
-Subject: target/i386: Fix C flag for BLSI, BLSMSK, BLSR
-Date: Wed,  8 Feb 2023 18:19:21 +0100
-
-We forgot to set cc_src, which is used for computing C.
-
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1370
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-Id: <20230114180601.2993644-1-richard.henderson@linaro.org>
-Cc: qemu-stable@nongnu.org
-Fixes: 1d0b926150e5 ("target/i386: move scalar 0F 38 and 0F 3A instruction to new decoder", 2022-10-18)
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- target/i386/tcg/emit.c.inc | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
-index 99f6ba6e19a2..4d7702c106bf 100644
---- a/target/i386/tcg/emit.c.inc
-+++ b/target/i386/tcg/emit.c.inc
-@@ -1111,6 +1111,7 @@ static void gen_BLSI(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
- {
-     MemOp ot = decode->op[0].ot;
- 
-+    tcg_gen_mov_tl(cpu_cc_src, s->T0);
-     tcg_gen_neg_tl(s->T1, s->T0);
-     tcg_gen_and_tl(s->T0, s->T0, s->T1);
-     tcg_gen_mov_tl(cpu_cc_dst, s->T0);
-@@ -1121,6 +1122,7 @@ static void gen_BLSMSK(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode
- {
-     MemOp ot = decode->op[0].ot;
- 
-+    tcg_gen_mov_tl(cpu_cc_src, s->T0);
-     tcg_gen_subi_tl(s->T1, s->T0, 1);
-     tcg_gen_xor_tl(s->T0, s->T0, s->T1);
-     tcg_gen_mov_tl(cpu_cc_dst, s->T0);
-@@ -1131,6 +1133,7 @@ static void gen_BLSR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
- {
-     MemOp ot = decode->op[0].ot;
- 
-+    tcg_gen_mov_tl(cpu_cc_src, s->T0);
-     tcg_gen_subi_tl(s->T1, s->T0, 1);
-     tcg_gen_and_tl(s->T0, s->T0, s->T1);
-     tcg_gen_mov_tl(cpu_cc_dst, s->T0);
--- 
-2.39.1
-
-
diff -Nru qemu-7.2+dfsg/debian/patches/tests_tcg_i386-introduce-and-use-reg_t-consistently.patch qemu-7.2+dfsg/debian/patches/tests_tcg_i386-introduce-and-use-reg_t-consistently.patch
--- qemu-7.2+dfsg/debian/patches/tests_tcg_i386-introduce-and-use-reg_t-consistently.patch	2023-02-10 13:30:16.000000000 +0300
+++ qemu-7.2+dfsg/debian/patches/tests_tcg_i386-introduce-and-use-reg_t-consistently.patch	1970-01-01 03:00:00.000000000 +0300
@@ -1,388 +0,0 @@
-Return-Path: <qemu-devel-bounces+mjt=tls.msk.ru@nongnu.org>
-X-Original-To: mjt@tls.msk.ru
-Delivered-To: mjt@tls.msk.ru
-Received: from isrv.corpit.ru (isrv.tls.msk.ru [192.168.177.226])
-	by tsrv.corpit.ru (Postfix) with ESMTP id 3633795
-	for <mjt@tls.msk.ru>; Wed,  8 Feb 2023 20:21:20 +0300 (MSK)
-Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
-	by isrv.corpit.ru (Postfix) with ESMTP id E45D64004C
-	for <mjt@tls.msk.ru>; Wed,  8 Feb 2023 20:21:20 +0300 (MSK)
-Received: from localhost ([::1] helo=lists1p.gnu.org)
-	by lists.gnu.org with esmtp (Exim 4.90_1)
-	(envelope-from <qemu-devel-bounces@nongnu.org>)
-	id 1pPo7G-00047o-OK; Wed, 08 Feb 2023 12:20:18 -0500
-Received: from eggs.gnu.org ([2001:470:142:3::10])
- by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
- (Exim 4.90_1) (envelope-from <pbonzini@redhat.com>)
- id 1pPo76-0003ku-SI
- for qemu-devel@nongnu.org; Wed, 08 Feb 2023 12:20:10 -0500
-Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124])
- by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
- (Exim 4.90_1) (envelope-from <pbonzini@redhat.com>)
- id 1pPo74-00019e-R6
- for qemu-devel@nongnu.org; Wed, 08 Feb 2023 12:20:08 -0500
-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
- s=mimecast20190719; t=1675876806;
- h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
- to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-type:
- content-transfer-encoding:content-transfer-encoding:
- in-reply-to:in-reply-to:references:references;
- bh=n6S8f8jSlQQI+M5AqaNQXoEME6tyNRUu5phS9LX667o=;
- b=SwWUINfzAQAx1ntqg/qw8jDHgM6boMaKf33Gj+na0VbfmkxgqTEVFyXaHcqeRauJADkaaX
- kUAjUfn3lt40xFH2kKG2+cz7POFSiYi0Y+25Y/OMYIMhQMpyF8m4z1d/Yafv6z9DdXdb6U
- ANDESElbFVkVtXUHpCR4O6YgsVq6gf0=
-Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com
- [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS
- (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id
- us-mta-590-SWWpO--2Nt-lnQkMpBY_ug-1; Wed, 08 Feb 2023 12:19:58 -0500
-X-MC-Unique: SWWpO--2Nt-lnQkMpBY_ug-1
-Received: by mail-ej1-f70.google.com with SMTP id
- wz4-20020a170906fe4400b0084c7e7eb6d0so13639978ejb.19
- for <qemu-devel@nongnu.org>; Wed, 08 Feb 2023 09:19:53 -0800 (PST)
-X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
- d=1e100.net; s=20210112;
- h=content-transfer-encoding:mime-version:references:in-reply-to
- :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
- :subject:date:message-id:reply-to;
- bh=n6S8f8jSlQQI+M5AqaNQXoEME6tyNRUu5phS9LX667o=;
- b=anARRZBDEX8BjkVwQ63cEnD5AWbFc/ZaZ8liDDfItt4c/MnWW23oNfWytrcwoqLmjd
- VOcB7DdWtiBykwtXtIEiOGCUB1ypVHEe90Wk0n1Jz/6Y7VpqscVVKbOVa9XpjvfeyQ9w
- i1q60ARr1QrjldH6AeER9vr9xFcSn7HF/CeJCdIXfcoFK3fMaQeQWUwtS4+cuM908mZR
- 7hCJXvT5uRx04PAj9W+BKKZxVPAqjvpcRhVZHSXoybxgHTOAxn4qcdM6corJa7gv1xKN
- f5qSpBsAQm1k/6YtiR4cvau08LQUDlvjaAo/GlllkMnDh4fbzNkuO1SNgexCTfxXPH2d
- jZ2w==
-X-Gm-Message-State: AO0yUKVf2JuQXkni0/4fUNkD5AIhCq1mZbfiv940Q87nyAsLZZgWvLk6
- ozd647s9zvvg2+qXi6turVAiBuOSdVkRulNIvZBHYJ3KY/HplR3GZhfV2EyNwofGuw5SzZ9aIJG
- tKacoijhDUKcYudwQRYkJbj0Ie3vnUbcyP+s6ObOiYUetOOyznVe8l1xUazdXF3sBxGd39fmV
-X-Received: by 2002:a17:907:2d92:b0:8aa:9c54:a285 with SMTP id
- gt18-20020a1709072d9200b008aa9c54a285mr8099781ejc.12.1675876791503; 
- Wed, 08 Feb 2023 09:19:51 -0800 (PST)
-X-Google-Smtp-Source: AK7set/D+/KbhvaNBuxgnpHcJ8HA5o5/VLuJb/jEtfcwzCtTmj3KCUAKxybOXOVE/cSTSt91uzeUEA==
-X-Received: by 2002:a17:907:2d92:b0:8aa:9c54:a285 with SMTP id
- gt18-20020a1709072d9200b008aa9c54a285mr8099757ejc.12.1675876791204; 
- Wed, 08 Feb 2023 09:19:51 -0800 (PST)
-Received: from avogadro.local ([2001:b07:6468:f312:5e2c:eb9a:a8b6:fd3e])
- by smtp.gmail.com with ESMTPSA id
- de48-20020a1709069bf000b0088cf92eb0e1sm8540034ejc.150.2023.02.08.09.19.50
- (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
- Wed, 08 Feb 2023 09:19:50 -0800 (PST)
-From: Paolo Bonzini <pbonzini@redhat.com>
-To: qemu-devel@nongnu.org
-Cc: Richard Henderson <richard.henderson@linaro.org>,
- =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
-Subject: [PULL 08/11] tests/tcg/i386: Introduce and use reg_t consistently
-Date: Wed,  8 Feb 2023 18:19:19 +0100
-Message-Id: <20230208171922.95048-9-pbonzini@redhat.com>
-X-Mailer: git-send-email 2.39.1
-In-Reply-To: <20230208171922.95048-1-pbonzini@redhat.com>
-References: <20230208171922.95048-1-pbonzini@redhat.com>
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Received-SPF: pass client-ip=170.10.133.124; envelope-from=pbonzini@redhat.com;
- helo=us-smtp-delivery-124.mimecast.com
-X-Spam_score_int: -20
-X-Spam_score: -2.1
-X-Spam_bar: --
-X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,
- DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
- RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
- SPF_PASS=-0.001 autolearn=ham autolearn_force=no
-X-Spam_action: no action
-X-BeenThere: qemu-devel@nongnu.org
-X-Mailman-Version: 2.1.29
-Precedence: list
-List-Id: <qemu-devel.nongnu.org>
-List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
- <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
-List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
-List-Post: <mailto:qemu-devel@nongnu.org>
-List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
-List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
- <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
-Errors-To: qemu-devel-bounces+mjt=tls.msk.ru@nongnu.org
-Sender: qemu-devel-bounces+mjt=tls.msk.ru@nongnu.org
-
-From: Richard Henderson <richard.henderson@linaro.org>
-
-Define reg_t based on the actual register width.
-Define the inlines using that type.  This will allow
-input registers to 32-bit insns to be set to 64-bit
-values on x86-64, which allows testing various edge cases.
-
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Message-Id: <20230114230542.3116013-2-richard.henderson@linaro.org>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- tests/tcg/i386/test-i386-bmi2.c | 182 ++++++++++++++++----------------
- 1 file changed, 93 insertions(+), 89 deletions(-)
-
-diff --git a/tests/tcg/i386/test-i386-bmi2.c b/tests/tcg/i386/test-i386-bmi2.c
-index 5fadf47510f2..3c3ef85513e1 100644
---- a/tests/tcg/i386/test-i386-bmi2.c
-+++ b/tests/tcg/i386/test-i386-bmi2.c
-@@ -3,34 +3,40 @@
- #include <stdint.h>
- #include <stdio.h>
- 
-+#ifdef __x86_64
-+typedef uint64_t reg_t;
-+#else
-+typedef uint32_t reg_t;
-+#endif
-+
- #define insn1q(name, arg0)                                                           \
--static inline uint64_t name##q(uint64_t arg0)                                        \
-+static inline reg_t name##q(reg_t arg0)                                              \
- {                                                                                    \
--    uint64_t result64;                                                               \
-+    reg_t result64;                                                                  \
-     asm volatile (#name "q   %1, %0" : "=r"(result64) : "rm"(arg0));                 \
-     return result64;                                                                 \
- }
- 
- #define insn1l(name, arg0)                                                           \
--static inline uint32_t name##l(uint32_t arg0)                                        \
-+static inline reg_t name##l(reg_t arg0)                                              \
- {                                                                                    \
--    uint32_t result32;                                                               \
-+    reg_t result32;                                                                  \
-     asm volatile (#name "l   %k1, %k0" : "=r"(result32) : "rm"(arg0));               \
-     return result32;                                                                 \
- }
- 
- #define insn2q(name, arg0, c0, arg1, c1)                                             \
--static inline uint64_t name##q(uint64_t arg0, uint64_t arg1)                         \
-+static inline reg_t name##q(reg_t arg0, reg_t arg1)                                  \
- {                                                                                    \
--    uint64_t result64;                                                               \
-+    reg_t result64;                                                                  \
-     asm volatile (#name "q   %2, %1, %0" : "=r"(result64) : c0(arg0), c1(arg1));     \
-     return result64;                                                                 \
- }
- 
- #define insn2l(name, arg0, c0, arg1, c1)                                             \
--static inline uint32_t name##l(uint32_t arg0, uint32_t arg1)                         \
-+static inline reg_t name##l(reg_t arg0, reg_t arg1)                                  \
- {                                                                                    \
--    uint32_t result32;                                                               \
-+    reg_t result32;                                                                  \
-     asm volatile (#name "l   %k2, %k1, %k0" : "=r"(result32) : c0(arg0), c1(arg1));  \
-     return result32;                                                                 \
- }
-@@ -65,130 +71,128 @@ insn1l(blsr, src)
- int main(int argc, char *argv[]) {
-     uint64_t ehlo = 0x202020204f4c4845ull;
-     uint64_t mask = 0xa080800302020001ull;
--    uint32_t result32;
-+    reg_t result;
- 
- #ifdef __x86_64
--    uint64_t result64;
--
-     /* 64 bits */
--    result64 = andnq(mask, ehlo);
--    assert(result64 == 0x002020204d4c4844);
-+    result = andnq(mask, ehlo);
-+    assert(result == 0x002020204d4c4844);
- 
--    result64 = pextq(ehlo, mask);
--    assert(result64 == 133);
-+    result = pextq(ehlo, mask);
-+    assert(result == 133);
- 
--    result64 = pdepq(result64, mask);
--    assert(result64 == (ehlo & mask));
-+    result = pdepq(result, mask);
-+    assert(result == (ehlo & mask));
- 
--    result64 = pextq(-1ull, mask);
--    assert(result64 == 511); /* mask has 9 bits set */
-+    result = pextq(-1ull, mask);
-+    assert(result == 511); /* mask has 9 bits set */
- 
--    result64 = pdepq(-1ull, mask);
--    assert(result64 == mask);
-+    result = pdepq(-1ull, mask);
-+    assert(result == mask);
- 
--    result64 = bextrq(mask, 0x3f00);
--    assert(result64 == (mask & ~INT64_MIN));
-+    result = bextrq(mask, 0x3f00);
-+    assert(result == (mask & ~INT64_MIN));
- 
--    result64 = bextrq(mask, 0x1038);
--    assert(result64 == 0xa0);
-+    result = bextrq(mask, 0x1038);
-+    assert(result == 0xa0);
- 
--    result64 = bextrq(mask, 0x10f8);
--    assert(result64 == 0);
-+    result = bextrq(mask, 0x10f8);
-+    assert(result == 0);
- 
--    result64 = blsiq(0x30);
--    assert(result64 == 0x10);
-+    result = blsiq(0x30);
-+    assert(result == 0x10);
- 
--    result64 = blsiq(0x30ull << 32);
--    assert(result64 == 0x10ull << 32);
-+    result = blsiq(0x30ull << 32);
-+    assert(result == 0x10ull << 32);
- 
--    result64 = blsmskq(0x30);
--    assert(result64 == 0x1f);
-+    result = blsmskq(0x30);
-+    assert(result == 0x1f);
- 
--    result64 = blsrq(0x30);
--    assert(result64 == 0x20);
-+    result = blsrq(0x30);
-+    assert(result == 0x20);
- 
--    result64 = blsrq(0x30ull << 32);
--    assert(result64 == 0x20ull << 32);
-+    result = blsrq(0x30ull << 32);
-+    assert(result == 0x20ull << 32);
- 
--    result64 = bzhiq(mask, 0x3f);
--    assert(result64 == (mask & ~INT64_MIN));
-+    result = bzhiq(mask, 0x3f);
-+    assert(result == (mask & ~INT64_MIN));
- 
--    result64 = bzhiq(mask, 0x1f);
--    assert(result64 == (mask & ~(-1 << 30)));
-+    result = bzhiq(mask, 0x1f);
-+    assert(result == (mask & ~(-1 << 30)));
- 
--    result64 = rorxq(0x2132435465768798, 8);
--    assert(result64 == 0x9821324354657687);
-+    result = rorxq(0x2132435465768798, 8);
-+    assert(result == 0x9821324354657687);
- 
--    result64 = sarxq(0xffeeddccbbaa9988, 8);
--    assert(result64 == 0xffffeeddccbbaa99);
-+    result = sarxq(0xffeeddccbbaa9988, 8);
-+    assert(result == 0xffffeeddccbbaa99);
- 
--    result64 = sarxq(0x77eeddccbbaa9988, 8 | 64);
--    assert(result64 == 0x0077eeddccbbaa99);
-+    result = sarxq(0x77eeddccbbaa9988, 8 | 64);
-+    assert(result == 0x0077eeddccbbaa99);
- 
--    result64 = shrxq(0xffeeddccbbaa9988, 8);
--    assert(result64 == 0x00ffeeddccbbaa99);
-+    result = shrxq(0xffeeddccbbaa9988, 8);
-+    assert(result == 0x00ffeeddccbbaa99);
- 
--    result64 = shrxq(0x77eeddccbbaa9988, 8 | 192);
--    assert(result64 == 0x0077eeddccbbaa99);
-+    result = shrxq(0x77eeddccbbaa9988, 8 | 192);
-+    assert(result == 0x0077eeddccbbaa99);
- 
--    result64 = shlxq(0xffeeddccbbaa9988, 8);
--    assert(result64 == 0xeeddccbbaa998800);
-+    result = shlxq(0xffeeddccbbaa9988, 8);
-+    assert(result == 0xeeddccbbaa998800);
- #endif
- 
-     /* 32 bits */
--    result32 = andnl(mask, ehlo);
--    assert(result32 == 0x04d4c4844);
-+    result = andnl(mask, ehlo);
-+    assert(result == 0x04d4c4844);
- 
--    result32 = pextl((uint32_t) ehlo, mask);
--    assert(result32 == 5);
-+    result = pextl((uint32_t) ehlo, mask);
-+    assert(result == 5);
- 
--    result32 = pdepl(result32, mask);
--    assert(result32 == (uint32_t)(ehlo & mask));
-+    result = pdepl(result, mask);
-+    assert(result == (uint32_t)(ehlo & mask));
- 
--    result32 = pextl(-1u, mask);
--    assert(result32 == 7); /* mask has 3 bits set */
-+    result = pextl(-1u, mask);
-+    assert(result == 7); /* mask has 3 bits set */
- 
--    result32 = pdepl(-1u, mask);
--    assert(result32 == (uint32_t)mask);
-+    result = pdepl(-1u, mask);
-+    assert(result == (uint32_t)mask);
- 
--    result32 = bextrl(mask, 0x1f00);
--    assert(result32 == (mask & ~INT32_MIN));
-+    result = bextrl(mask, 0x1f00);
-+    assert(result == (mask & ~INT32_MIN));
- 
--    result32 = bextrl(ehlo, 0x1018);
--    assert(result32 == 0x4f);
-+    result = bextrl(ehlo, 0x1018);
-+    assert(result == 0x4f);
- 
--    result32 = bextrl(mask, 0x1038);
--    assert(result32 == 0);
-+    result = bextrl(mask, 0x1038);
-+    assert(result == 0);
- 
--    result32 = blsil(0xffff);
--    assert(result32 == 1);
-+    result = blsil(0xffff);
-+    assert(result == 1);
- 
--    result32 = blsmskl(0x300);
--    assert(result32 == 0x1ff);
-+    result = blsmskl(0x300);
-+    assert(result == 0x1ff);
- 
--    result32 = blsrl(0xffc);
--    assert(result32 == 0xff8);
-+    result = blsrl(0xffc);
-+    assert(result == 0xff8);
- 
--    result32 = bzhil(mask, 0xf);
--    assert(result32 == 1);
-+    result = bzhil(mask, 0xf);
-+    assert(result == 1);
- 
--    result32 = rorxl(0x65768798, 8);
--    assert(result32 == 0x98657687);
-+    result = rorxl(0x65768798, 8);
-+    assert(result == 0x98657687);
- 
--    result32 = sarxl(0xffeeddcc, 8);
--    assert(result32 == 0xffffeedd);
-+    result = sarxl(0xffeeddcc, 8);
-+    assert(result == 0xffffeedd);
- 
--    result32 = sarxl(0x77eeddcc, 8 | 32);
--    assert(result32 == 0x0077eedd);
-+    result = sarxl(0x77eeddcc, 8 | 32);
-+    assert(result == 0x0077eedd);
- 
--    result32 = shrxl(0xffeeddcc, 8);
--    assert(result32 == 0x00ffeedd);
-+    result = shrxl(0xffeeddcc, 8);
-+    assert(result == 0x00ffeedd);
- 
--    result32 = shrxl(0x77eeddcc, 8 | 128);
--    assert(result32 == 0x0077eedd);
-+    result = shrxl(0x77eeddcc, 8 | 128);
-+    assert(result == 0x0077eedd);
- 
--    result32 = shlxl(0xffeeddcc, 8);
--    assert(result32 == 0xeeddcc00);
-+    result = shlxl(0xffeeddcc, 8);
-+    assert(result == 0xeeddcc00);
- 
-     return 0;
- }
--- 
-2.39.1
-
-
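Review bot: In the 64-bit block of the test carried by this dropped patch, the check after bzhiq(mask, 0x1f) compares against (mask & ~(-1 << 30)), which does not match an index of 0x1f. An index of 31 should keep bits 0 through 30, but the expected value keeps only bits 0 through 29. The assertion passes only because bit 30 of mask (low dword 0x02020001) happens to be clear, so an emulation error at that bit would go unnoticed. The expression also left-shifts a negative int, which ISO C leaves undefined. An unsigned form such as (mask & ((1ull << 31) - 1)), together with a mask value that has bit 30 set, would make the check meaningful. If the version of this test that replaces the patch still carries the same line, that is worth raising upstream.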
diff -Nru qemu-7.2+dfsg/debian/qemu-guest-agent.udev qemu-7.2+dfsg/debian/qemu-guest-agent.udev
--- qemu-7.2+dfsg/debian/qemu-guest-agent.udev	2022-12-03 13:49:37.000000000 +0300
+++ qemu-7.2+dfsg/debian/qemu-guest-agent.udev	2023-03-05 20:03:09.000000000 +0300
@@ -1,2 +1,2 @@
 SUBSYSTEM=="virtio-ports", ATTR{name}=="org.qemu.guest_agent.0", \
-  TAG+="systemd" ENV{SYSTEMD_WANTS}="qemu-guest-agent.service"
+  TAG+="systemd", ENV{SYSTEMD_WANTS}="qemu-guest-agent.service"
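Review bot: Restoring the comma between TAG+="systemd" and ENV{SYSTEMD_WANTS}="qemu-guest-agent.service" changes behaviour on upgrade, and the changelog should say so explicitly. The request describes the old rule as never having worked, so this is the first time qemu-guest-agent.service is pulled in when the org.qemu.guest_agent.0 virtio port appears. It would also help to record how the corrected rule was checked, for example with udevadm test against the virtio-ports device in a guest, since the earlier breakage shows the file was not being exercised.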
diff -Nru qemu-7.2+dfsg/debian/qemu-make-debian-root qemu-7.2+dfsg/debian/qemu-make-debian-root
--- qemu-7.2+dfsg/debian/qemu-make-debian-root	2022-12-03 13:49:37.000000000 +0300
+++ qemu-7.2+dfsg/debian/qemu-make-debian-root	1970-01-01 03:00:00.000000000 +0300
@@ -1,141 +0,0 @@
-#! /bin/sh -e
-#
-# $Id: qemu-make-debian-root 353 2008-10-16 20:28:22Z aurel32 $
-#
-# Script to make a debian root image.
-#
-
-set -e
-
-command -v debootstrap >/dev/null || {
-    echo "error: missing debootstrap package" >&2
-    exit 1
-}
-command -v sfdisk >/dev/null || {
-    echo "error: missing fdisk package" >&2
-    exit 1
-}
-command -v mke2fs >/dev/null || {
-    echo "error: missing e2fsprogs package" >&2
-    exit 1
-}
-
-KEEPFS=0
-SPARSE=0
-
-while :; do
-    case "$1" in
-        -k)
-            KEEPFS=1
-            ;;
-        -s)
-            SPARSE=1
-            ;;
-        -ks|-sk)
-            KEEPFS=1
-            SPARSE=1
-            ;;
-        *)
-            break
-            ;;
-    esac
-    shift
-done
-
-if [ $# -lt 4 ]; then
-    echo Usage: "$0 [-ks] size-in-MB distrib deburl image [files_to_copy_in_/root]" >&2
-    echo "eg $0 150 sid http://proxy:10000/debian qemu" >&2
-    echo "-k keep file system          -s sparse image" >&2
-    echo "$0 is normally run as root." >&2
-    exit 1
-fi
-
-SIZE=$1 # In Mib
-DISTRO=$2
-URL=$3
-IMAGE=$4
-shift 4
-
-# now files to copy are in "$@".  We don't put them in a variable
-# because that would coufuse spaces-in-filenames with
-# whitespace-separation.
-
-
-if [ $SIZE -lt 130 ]; then
-    echo 'Size must be at least 130 megabytes (Debian unstable takes 100)' >&2
-    exit 1
-fi
-
-cleanup()
-{
-    echo Cleaning up... >&2
-    umount -d $TMP_DIR || true
-    losetup -d $LOOP || true
-    rm -f $IMAGE
-}
-
-trap cleanup EXIT
-
-# Create a filesystem: one track for partition table.
-if [ "$SPARSE" = "1" ]; then
-    truncate -s ${SIZE}M "$IMAGE"
-else
-    dd bs=1M count=$SIZE if=/dev/zero of=$IMAGE
-fi
-
-SECT=63	# first sector of a partition
-
-# Partition so one partition covers entire disk.
-echo "$SECT," | sfdisk -uS -L $IMAGE
-
-# Find an unused loop device and set it up.
-LOOP=`losetup -f`
-losetup -o $(($SECT*512)) $LOOP $IMAGE
-
-# Create filesystem.
-mke2fs -q -m1 $LOOP
-
-TMP_DIR="$(mktemp -d /tmp/mount.XXXXXX)" || \
-         { echo >&2 "Failed to create temporary directory"; exit 1; }
-
-# Mount it.
-mount $LOOP $TMP_DIR
-
-# Do debian install on it.
-debootstrap --variant=minbase $DISTRO $TMP_DIR $URL
-
-# Final configuration.
-cat > $TMP_DIR/etc/fstab <<EOF
-/dev/hda1 / ext2 errors=remount-ro 0 1
-proc /proc proc defaults 0 0
-EOF
-
-# Console on ttyS0, not tty1, and no other gettys.
-sed 's,1:2345:respawn:/sbin/getty 38400 tty1,1:2345:respawn:/sbin/getty 38400 ttyS0,' < $TMP_DIR/etc/inittab | sed 's,^.:23:respawn.*,,' > $TMP_DIR/etc/inittab.new
-mv $TMP_DIR/etc/inittab.new $TMP_DIR/etc/inittab
-
-# Set hostname to base of image name.
-basename $IMAGE > $TMP_DIR/etc/hostname
-
-# Create /etc/shadow
-chroot $TMP_DIR pwconv
-
-# Set root password to "root"
-sed 's/^root:[^:]*/root:$1$aybpiIGf$cB7iFDNZvViQtQjEZ5HFQ0/' < $TMP_DIR/etc/shadow > $TMP_DIR/etc/shadow.new
-mv $TMP_DIR/etc/shadow.new $TMP_DIR/etc/shadow
-
-# Remove packages we don't need
-chroot $TMP_DIR /usr/bin/dpkg --remove console-common console-tools console-data base-config man-db manpages
-# Try to remove all libraries: some won't be removable.
-chroot $TMP_DIR dpkg --remove `chroot $TMP_DIR dpkg --get-selections | sed -n 's/^\(lib[^ \t]*\)[\t ]*install/\1/p'` 2>/dev/null || true
-
-
-# Copy wanted files to /root if asked to
-if [ $# -gt 0 ]; then
-    cp -a "$@" $TMP_DIR/root/
-fi
-umount -d $TMP_DIR
-
-trap "" EXIT
-
-echo Done.
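Review bot: Deleting the script leaves anyone who used /usr/sbin/qemu-make-debian-root without a pointer to a replacement; a NEWS or changelog line naming the removal and pointing to debootstrap directly would cover that, if one is not already elsewhere in the upload. The removal itself is the right call rather than a repair. The script writes a fixed hash into the image's /etc/shadow under the comment "Set root password to "root"". It also passes $IMAGE, $TMP_DIR and $LOOP unquoted to rm -f, umount, losetup and mount in a script that is "normally run as root", and its EXIT trap runs rm -f $IMAGE on any failure.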
diff -Nru qemu-7.2+dfsg/debian/qemu-make-debian-root.8 qemu-7.2+dfsg/debian/qemu-make-debian-root.8
--- qemu-7.2+dfsg/debian/qemu-make-debian-root.8	2022-12-03 13:49:37.000000000 +0300
+++ qemu-7.2+dfsg/debian/qemu-make-debian-root.8	1970-01-01 03:00:00.000000000 +0300
@@ -1,44 +0,0 @@
-.\" $Id: qemu-make-debian-root.8 266 2008-01-06 20:29:04Z aurel32 $
-.TH qemu\-make\-debian\-root 8 2006-05-28 "0.0" Debian
-.\" Please adjust this date whenever revising the manpage.
-.\"
-.\" Some roff macros, for reference:
-.\" .nh        disable hyphenation
-.\" .hy        enable hyphenation
-.\" .ad l      left justify
-.\" .ad b      justify to both left and right margins
-.\" .nf        disable filling
-.\" .fi        enable filling
-.\" .br        insert line break
-.\" .sp <n>    insert n+1 empty lines
-.\" for manpage-specific macros, see man(7)
-.SH NAME
-qemu\-make\-debian\-root \- Create a debian root image for qemu
-.SH SYNOPSIS
-.B qemu\-make\-debian\-root
-.RI [ -k "] "
-.RI [ -s "] "
-.I size-in-MiB distrib deburl image
-.RI [ files-to-copy-in-/root ]
-.SH DESCRIPTION
-.B qemu\-make\-debian\-root
-is a command to ease the creation of a debian root image for qemu.
-The generated image is not bootable by itself, and an external kernel
-is needed. It can be run with a command like:
-.IP
-.nf
-.B qemu disk.img -kernel /boot/vmlinuz
-.fi
-.PP
-.SH OPTIONS
-.TP
-.BR \-k
-Keep file system.
-.TP
-.BR \-s
-Create a sparse image.
-.SH SEE ALSO
-.BR qemu (1),
-.BR qemu\-img (1).
-.SH AUTHOR
-This manual page was written by Guillem Jover <guillem@debian.org>.
diff -Nru qemu-7.2+dfsg/debian/qemu-utils.install qemu-7.2+dfsg/debian/qemu-utils.install
--- qemu-7.2+dfsg/debian/qemu-utils.install	2022-12-03 13:49:37.000000000 +0300
+++ qemu-7.2+dfsg/debian/qemu-utils.install	2023-03-05 20:03:09.000000000 +0300
@@ -3,4 +3,3 @@
 debian/tmp/usr/bin/qemu-nbd
 debian/tmp/usr/share/man/man8/qemu-nbd.8
 debian/tmp/usr/bin/qemu-io
-debian/qemu-make-debian-root usr/sbin/
diff -Nru qemu-7.2+dfsg/debian/qemu-utils.manpages qemu-7.2+dfsg/debian/qemu-utils.manpages
--- qemu-7.2+dfsg/debian/qemu-utils.manpages	2022-12-03 13:49:37.000000000 +0300
+++ qemu-7.2+dfsg/debian/qemu-utils.manpages	2023-03-05 20:03:09.000000000 +0300
@@ -1,2 +1 @@
-debian/qemu-make-debian-root.8
 debian/qemu-io.1
diff -Nru qemu-7.2+dfsg/debian/qemu-utils.README.Debian qemu-7.2+dfsg/debian/qemu-utils.README.Debian
--- qemu-7.2+dfsg/debian/qemu-utils.README.Debian	2022-12-03 13:49:37.000000000 +0300
+++ qemu-7.2+dfsg/debian/qemu-utils.README.Debian	1970-01-01 03:00:00.000000000 +0300
@@ -1,13 +0,0 @@
-qemu-utils for Debian
---------------------
-
-The qemu-utils package includes a simple script called qemu-make-debian-root
-under /usr/sbin, which uses debootstrap to create an image suitable for qemu
-with a fresh Debian installation inside.
-
-If you just want a test system, not wanting to go through any installation
-process, that might be just ideal. Take a look at the manual page
-qemu-make-debian-root (8) for further usage instructions.
-
- -- Guilherme de S. Pastore <gpastore@colband.com.br>, Sun May 15 09:49:11 2005
-

--- End Message ---
--- Begin Message ---
Unblocked.

--- End Message ---
